I’m using the Aws Lambda authorizer to secure an Api gateway. The authorizer lambda function is written in python using this blueprint from aws (https://github.com/awslabs/aws-apigateway-lambda-authorizer-blueprints/blob/master/blueprints/python/api-gateway-authorizer-python.py)
I added this code in the “blueprint”
if(event['authorizationToken'] == 'allow'): policy.allowAllMethods()else: policy.denyAllMethods()# Finally, build the policyauthResponse = policy.build() # new! -- add additional key-value pairs associated with the authenticated principal# these are made available by APIGW like so: $context.authorizer.<key># additional context is cachedcontext = { 'key': 'somevalue, # $context.authorizer.key -> value 'number' : 1, 'bool' : True}# context['arr'] = ['foo'] <- this is invalid, APIGW will not accept it# context['obj'] = {'foo':'bar'} <- also invalid authResponse['context'] = contextreturn authResponseHowever in the lambda function attached to the route i cannot find the context value from authorizer. How can i get the values from context[key] ?
Advertisement
Answer
The solution is to use Mapping Templates on Integration Request. If you look at the route pipeline you will see that before reaching the Lambda Function you have a “Integration Request” section (and also a Integration Response)
In Integration Request you have the option to edit the input into lambda function via Mapping Templates.
So, i created a new Mapping Template ( use “Where” there are no Templates defined) Content -Type use application/json and in the actual template use something like #set($inputRoot = $input.path(‘$’))
{ "key":"$context.authorizer.key"}Attention : the above template will remove the original output. That data is found in $inputRoot and you can add it to response using this format
{ "key":"$context.authorizer.key", "originalkey":$inputRoot.originalkey}