2

Is it possible to use a custom authorization lambda with ApiGatewayV2 for a HTTP API? I know it's supported for a WebSocket API but there seems to only be support for AWS' own JWT authorizer for HTTP APIs. Does anyone know of a smart way to solve this? The reason I'm asking is I need to validate third party tokens that do not fully follow OAuth2 standards (and therefore cannot use the out of the box JWT authorizer).

Improve this question

2 Answers 2

Reset to default
1

It is possible to have a custom authorizer lambda with an AWS ApiGatewayV2 HTTP API.

For me at the moment (still early in my development) I actually have both a V2 WEBSOCKET and a V2 HTTP API using the same lambda for authentication, and both APIs using another lambda for the route handling -- yes, only 2 lambdas handling both APIs.

It is a bit of a mess because each API type has different event formats.

I created the WEBSOCKET API first and got the authorization lambda for it working first using OAUTH "client_credentials" and JWTs.

Then I added the HTTP API -- but it did require specifically declaring (I use terraform) the $default stage, a deployment, an integration, and a route with a $default route_key. The route is where the "CUSTOM" authorizer gets tied in. The point here is that using the so-called "quick create" V2 HTTP api does not appear to allow a custom authorizer.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Edit

This is now a feature added to HTTP API Gateways, more can be found in the Introducing IAM and Lambda authorizers for Amazon API Gateway HTTP APIs announcement.

Original

Unfortunately Lambda custom authorizers have not been migrated to be supported by HTTP API Gateways yet.

To build RESTful APIs, you can use either HTTP APIs or REST APIs from API Gateway. REST APIs offer a wide variety of features for building and managing RESTful APIs. HTTP APIs are up to 71% cheaper compared to REST APIs, but offer only API proxy functionality. HTTP APIs are optimized for performance—they offer the core functionality of API Gateway at a lower price.

The above quote from the announcement indicates that this is a light weight version of API Gateway at the moment.

Improve this answer

5 Comments

Thank you for the answer! I'll have to RestApi then.
Glad I could help :)
@ChrisWilliams I've managed to deploy a working HTTP API with custom lambda authorizer after many many fails... I've given up with OpenAPI body description within my template and I fully use now, core objects like AWS::ApiGatewayV2::Authorizer, AWS::ApiGatewayV2::Integration & AWS::ApiGatewayV2::Route.. not as clean a openapi snippet but a working template :-)
that's not true anymore as custom lambda authorizers are supported by api gw v2- docs.aws.amazon.com/apigateway/latest/developerguide/…
Thanks, I have updated the answer. How funny a few months of announcements can impact your answers :D

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.