Hello,
For my serverless app, I use a custom authorizer which gets the auth token from the Cognito user pool. In my custom authorizer Lambda function, I return a custom IAM policy based on the Cognito user pool group data. So the output of my custom authorizer is basically an IAM policy like the one below:
// Authorizer response: principalId, an IAM policy document and a context map
const policy = {};
policy.principalId = this.principalId;

const doc = {};
doc.Version = this.version;
doc.Statement = [];
// One set of Allow statements and one set of Deny statements for the resolved method ARNs
doc.Statement = doc.Statement.concat(getStatementsForEffect.call(this, 'Allow', this.allowMethods));
doc.Statement = doc.Statement.concat(getStatementsForEffect.call(this, 'Deny', this.denyMethods));
policy.policyDocument = doc;

// Extra key/value pairs that API Gateway should hand to the backend as $context.authorizer.*
policy.context = {
  username: this.payload['cognito:username'],
  isAdmin: this.payload.isAdmin
};
return policy;
Everything works great as far as authentication and authorization go, but when I try to access the additional "context" variables (username, isAdmin) from my backend Lambda function, those variables are not available. I checked both the "event" and "context" arguments of my backend Lambda function, but they don't have these "context" variables. When I inspect the "event" in my backend Lambda function, I see something like the following:
{ body: {},
  method: 'GET',
  principalId: '34ae00df-4f19-48a4-b137-8ee3b41c0303',
  stage: 'dev',
  cognitoPoolClaims: { sub: '' },
  headers:
   { Accept: '*/*',
     'Accept-Encoding': 'gzip, deflate, sdch, br',
     'Accept-Language': 'en-US,en;q=0.8',
     Authorization: '<MY_AUTH_TOKEN>',
     'CloudFront-Forwarded-Proto': 'https',
     'CloudFront-Is-Desktop-Viewer': 'true',
     'CloudFront-Is-Mobile-Viewer': 'false',
     'CloudFront-Is-SmartTV-Viewer': 'false',
     'CloudFront-Is-Tablet-Viewer': 'false',
     'CloudFront-Viewer-Country': 'US',
     'content-type': 'application/json',
     Host: 'myapp.execute-api.us-east-1.amazonaws.com',
     origin: 'http://localhost:3000',
     Referer: 'http://localhost:3000/todos/37bfd6a0-2240-11e7-bac9-e37e910630c1',
     'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
     Via: '2.0 1267c3svv42d489e3cv11.cloudfront.net (CloudFront)',
     'X-Amz-Cf-Id': 'bdkshbgoqihnmasdnbSHad-JHDJFFJDjhdfdajfad==',
     'X-Amzn-Trace-Id': 'Root=1-78e42hds-254878njsdf9842572',
     'X-Forwarded-For': '<SOME_IP>',
     'X-Forwarded-Port': '443',
     'X-Forwarded-Proto': 'https' },
  query: {},
  path: { id: '37bfd6a0-2240-11e7-bac9-e37e910630c1' },
  identity:
   { cognitoIdentityPoolId: '',
     accountId: '',
     cognitoIdentityId: '',
     caller: '',
     apiKey: '',
     sourceIp: '<SOURCE_IP>',
     accessKey: '',
     cognitoAuthenticationType: '',
     cognitoAuthenticationProvider: '',
     userArn: '',
     userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
     user: '' },
  stageVariables: {} }
I have the following function settings in my serverless.yml file:
functions:
  customAuthorize:
    handler: todos/authorizer.Custom
  get:
    handler: todos/get.get
    events:
      - http:
          path: todos/{id}
          method: get
          cors: true
          integration: lambda
          authorizer: customAuthorize
So my question is: how do I access these context entries (username, isAdmin) inside my backend Lambda function after a successful authorization?