Make a Serverless API which can work with or without Authentication

Hi,
I have a use case where I want to give varying responses if the user is not authenticated / not authenticated. I am using Cognito for authentication.

```yaml
getProfile:
  handler: profileController.getProfileDetails
  events:
    - http:
        path: profile/{profileName}
        method: get
        cors: true
        authorizer:
          arn: COGNITO ARN GOES HERE
```

If I call this API without passing an Authorization header, I am getting a response stating

```json
{
  "message": "Unauthorized"
}
```

and the control doesn’t even go to my Lambda function. What I want is something like this:
```js
export async function getProfileDetails(event, context) {
  if (!event.requestContext.authorizer) {
    // go to unauthorized flow
  } else {
    // go to authorized flow
  }
}
```

Please let me know if it is possible to do the same with Serverless, API Gateway, Lambda and Cognito.

Thanks in Advance

I noticed there hasn’t been a reply yet so I figured I’d ask a question (I’m also looking for a solution to this): What about switching to a custom authorizer that redirects to a separate Lambda method when authentication fails? Would that be a worthwhile approach?

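One way to build the custom authorizer suggested in the reply, as an added example that is not code from either poster: a Lambda REQUEST authorizer that lets requests without an Authorization header through as anonymous and rejects invalid tokens. It assumes the authorizer is configured with no identity source and with caching disabled (otherwise API Gateway answers 401 itself when the header is missing); the key pair, issuer URL and `signToken` helper are constructed stand-ins for the Cognito user pool.

```javascript
// Added example: optional-auth Lambda REQUEST authorizer (not code from the thread).
const nodeCrypto = require("node:crypto");

// Constructed stand-ins for the Cognito user pool: a real deployment takes the
// issuer and public key from the pool's JWKS document instead of generating one.
const ISSUER = "https://cognito-idp.example.invalid/EXAMPLE_POOL_ID";
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const b64url = (value) => Buffer.from(value).toString("base64url");

// Helper for the sample input only: signs a constructed RS256 token.
function signToken(claims, key = privateKey) {
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${nodeCrypto.sign("RSA-SHA256", Buffer.from(input), key).toString("base64url")}`;
}

// Returns the claims of a valid token; anything else is rejected as "Unauthorized".
// A production check would also validate token_use and the app client id.
function verifyToken(token, key, now = Math.floor(Date.now() / 1000)) {
  try {
    const [h, p, s] = token.split(".");
    const header = JSON.parse(Buffer.from(h, "base64url"));
    const sigOk = header.alg === "RS256" && // pin the algorithm, never trust the header
      nodeCrypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
    const claims = sigOk ? JSON.parse(Buffer.from(p, "base64url")) : null;
    if (claims && claims.iss === ISSUER && claims.exp > now) return claims;
  } catch (_) { /* malformed token: fall through to the rejection below */ }
  throw new Error("Unauthorized"); // API Gateway turns this message into a 401
}

// No Authorization header: allow the call as anonymous. Header present but
// invalid: reject, so a bad token is never silently downgraded to anonymous.
function authorize(event, key = publicKey) {
  const headers = event.headers || {};
  const raw = headers.Authorization || headers.authorization;
  const claims = raw ? verifyToken(raw.replace(/^Bearer\s+/i, ""), key) : null;
  return {
    principalId: claims ? claims.sub : "anonymous",
    policyDocument: {
      Version: "2012-10-17",
      Statement: [{ Action: "execute-api:Invoke", Effect: "Allow", Resource: event.methodArn }],
    },
    // Surfaces in the backend Lambda as event.requestContext.authorizer.authenticated
    context: { authenticated: claims ? "true" : "false" },
  };
}

exports.handler = async (event) => authorize(event);
```

The backend function then branches on `event.requestContext.authorizer.authenticated === "true"` instead of on the presence of the authorizer object.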