Accessing claims through custom authorizer


For my serverless app, I use a custom authorizer which gets the auth token from the Cognito user pool. In my custom authorizer Lambda function, I return a custom IAM policy based on the Cognito user pool group data. So the output of my customAuthorizer is basically an IAM policy like the one below:

  const policy = {};
  policy.principalId = this.principalId;
  const doc = {};
  doc.Version = this.version;
  doc.Statement = [];
  doc.Statement = doc.Statement.concat(, 'Allow', this.allowMethods));
  doc.Statement = doc.Statement.concat(, 'Deny', this.denyMethods));
  policy.policyDocument = doc;
  policy.context = {
    username: this.payload['cognito:username'],
    isAdmin: this.payload.isAdmin
  };
  return policy;

Everything related to authentication and authorization works great, but when I tried to access the additional “context” variables (username, isAdmin) from my backend Lambda function, those variables were not available. I checked both the “event” and “context” arguments of my backend Lambda function, but they don't have these “context” variables. When I inspect the “event” from my backend Lambda function, I see something like the below:

{ body: {},
method: 'GET',
principalId: '34ae00df-4f19-48a4-b137-8ee3b41c0303',
stage: 'dev',
cognitoPoolClaims: { sub: '' },
{ Accept: '*/*',
'Accept-Encoding': 'gzip, deflate, sdch, br',
'Accept-Language': 'en-US,en;q=0.8',
Authorization: '<MY_AUTH_TOKEN>',
'CloudFront-Forwarded-Proto': 'https',
'CloudFront-Is-Desktop-Viewer': 'true',
'CloudFront-Is-Mobile-Viewer': 'false',
'CloudFront-Is-SmartTV-Viewer': 'false',
'CloudFront-Is-Tablet-Viewer': 'false',
'CloudFront-Viewer-Country': 'US',
'content-type': 'application/json',
Host: '',
origin: 'http://localhost:3000',
Referer: 'http://localhost:3000/todos/37bfd6a0-2240-11e7-bac9-e37e910630c1',
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
Via: '2.0 (CloudFront)',
'X-Amz-Cf-Id': 'bdkshbgoqihnmasdnbSHad-JHDJFFJDjhdfdajfad==',
'X-Amzn-Trace-Id': 'Root=1-78e42hds-254878njsdf9842572',
'X-Forwarded-For': '<SOME_IP>',
'X-Forwarded-Port': '443',
'X-Forwarded-Proto': 'https' },
query: {},
path: { id: '37bfd6a0-2240-11e7-bac9-e37e910630c1' },
{ cognitoIdentityPoolId: '',
accountId: '',
cognitoIdentityId: '',
caller: '',
apiKey: '',
sourceIp: '<SOURCE_IP>',
accessKey: '',
cognitoAuthenticationType: '',
cognitoAuthenticationProvider: '',
userArn: '',
userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
user: '' },
stageVariables: {} }

I have the below function settings in my serverless.yml file.

    handler: todos/authorizer.Custom
    handler: todos/get.get
      - http:
          path: todos/{id}
          method: get
          cors: true
          integration: lambda
          authorizer: customAuthorize

So my question is how to access these context entries (username, isAdmin) inside my backend lambda function after a successful authorization process?

Finally I found the issue and resolved it by removing the below line from my serverless.yml file

integration: lambda

Basically, I should use the lambda-proxy integration (which is the default in the Serverless Framework) to get those context variables, so that we can access them inside Lambda functions using "event.requestContext.authorizer.yourKey".
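
A backend handler that reads these values under the lambda-proxy integration, as an added example that is not part of the original post. The handler name `get`, the helpers `getAuthorizerClaims` and `respond`, and the sample events are assumptions made for illustration; the point it shows is that authorizer context values reach the backend as strings, so `isAdmin` must be compared explicitly rather than tested for truthiness.

```javascript
// Added example (not the poster's code). Helper names are hypothetical.

// Extract the authorizer context from a lambda-proxy event, failing closed
// when the authorizer block or the username is missing.
function getAuthorizerClaims(event) {
  const auth = event && event.requestContext && event.requestContext.authorizer;
  if (!auth || typeof auth.username !== 'string' || auth.username === '') {
    return null; // no usable authorizer context: treat as unauthenticated
  }
  return {
    principalId: auth.principalId,
    username: auth.username,
    // Context values are stringified on the way to the backend, and the
    // string 'false' is truthy in JavaScript. Accept only true / 'true'.
    isAdmin: auth.isAdmin === true || auth.isAdmin === 'true',
  };
}

// Build a response in the shape the lambda-proxy integration expects.
function respond(statusCode, body) {
  return {
    statusCode,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(body),
  };
}

// Backend handler for GET todos/{id}; with lambda-proxy the path
// parameter is found in event.pathParameters.
const get = async (event) => {
  const claims = getAuthorizerClaims(event);
  if (!claims) return respond(401, { message: 'Unauthorized' });
  const id = event.pathParameters && event.pathParameters.id;
  return respond(200, { id, requestedBy: claims.username, isAdmin: claims.isAdmin });
};

// Constructed sample events (values are made up for this example).
const sampleAdminEvent = {
  pathParameters: { id: 'todo-1' },
  requestContext: { authorizer: { principalId: 'user-1', username: 'alice', isAdmin: 'true' } },
};
const sampleUserEvent = {
  pathParameters: { id: 'todo-1' },
  requestContext: { authorizer: { principalId: 'user-2', username: 'bob', isAdmin: 'false' } },
};

if (typeof module !== 'undefined') module.exports = { get };
```

With `integration: lambda` still set, `event.requestContext` is absent and `getAuthorizerClaims` returns `null`, so the handler answers 401 instead of running without an identity.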