Hi there, got the following scenario: my identity service returns a list of permissions for each tenant. My lambda authorizer calls an endpoint on identity service to check that the access token is valid and that it has the required permissions for the provided tenant. The tenant is passed via query string to the API Gateway endpoint but the authorizer has no way to know what the required permissions are, so for now I’ve been hardcoding them.
Is there any way to pass a parameter from the API Gateway endpoint to the Lambda Authorizer other than the usual pathParameters or queryString? I was thinking to add them to the authorizer like this:
Once a JWT is decoded, I check the user’s permissions against the scopes defined in that mapping. Here’s my authorizer code (I omitted error-checking and irrelevant things):
While this works, it means I have to keep the function names in serverless.yml in perfect sync with my authMappings array. Additionally, that array will be uploaded to Lambda, which is not great.
Does anyone have a better solution? I’m unfortunately thinking of switching to Express just because of this.
In the example above you can see how to define passing a querystring parameter. I’m not sure if it is needed, as when changing the type from “token” to “request” all HTTP request data is passed (headers, paths, all query strings, like for regular lambda proxy integration).
Finally in each function you want to use your authorizer:
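Added example, not code from any post in this thread: with a "request" type authorizer the event carries `httpMethod`, `resource`, `queryStringParameters` and `methodArn`, so the required permissions can be keyed on the route itself instead of on function names kept in sync with serverless.yml. The route keys, permission names, the `tenant` query parameter name, the `lookup` client and the `{ sub, permsByTenant }` response shape are all assumptions made for illustration.

```javascript
// Added example. Route keys, permission names and tenant ids are constructed.
const REQUIRED = {
  'GET /orders': ['orders:read'],
  'POST /orders': ['orders:read', 'orders:write'],
};

function policy(principalId, effect, resource, context = {}) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
    },
    context,
  };
}

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Pure decision step. permsByTenant is what the identity service returned
// for the token, shaped here (assumption) as { tenantId: [permission, ...] }.
function decide(event, principalId, permsByTenant) {
  const tenant = (event.queryStringParameters || {}).tenant;
  const routeKey = `${event.httpMethod} ${event.resource}`;
  // Fail closed: a missing tenant or an unmapped route is a Deny.
  if (!tenant || !own(REQUIRED, routeKey)) {
    return policy(principalId, 'Deny', event.methodArn);
  }
  // Own-property lookup so a tenant of "constructor" cannot hit Object.prototype.
  const granted = new Set(own(permsByTenant, tenant) ? permsByTenant[tenant] : []);
  const ok = REQUIRED[routeKey].every((p) => granted.has(p));
  return policy(principalId, ok ? 'Allow' : 'Deny', event.methodArn, { tenant });
}

// lookup(token) is a hypothetical client for the identity service that resolves
// to { sub, permsByTenant } or throws on an invalid token.
function makeHandler(lookup) {
  return async (event) => {
    const headers = event.headers || {};
    const name = Object.keys(headers).find((h) => h.toLowerCase() === 'authorization');
    const token = name ? headers[name].replace(/^Bearer\s+/i, '') : '';
    try {
      const { sub, permsByTenant } = await lookup(token);
      return decide(event, sub, permsByTenant);
    } catch (err) {
      return policy('anonymous', 'Deny', event.methodArn);
    }
  };
}
```

With authorizer result caching enabled, API Gateway reuses the returned policy for later requests that share the same identity sources, so the tenant query string needs to be an identity source (or the TTL set to 0) for a per-route, per-tenant decision to hold.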