Recently, API Gateway request type feature was added from v1.24.0. It is just the right time to have this feature.
With token type, I can easily understand that the
Authorization token will be used for authorization and auth handler function
generatePolicy generates policy cache after the token is validated. If the token is validated, all service accesses in this api gateway is allowed in next 5 minutes (default TTL)
But request type is different.
How the cache works with request type?
For example, I enable request type and check Authorization header and the url endpoint (
https://<api_gateway_url>/endpoint-1/<rest>) . In my project, only authorization token and endpoint both match my database recodes, the access is allowed.
But when I tested with request type, I found after authorized, it can access any endpoint (endpoint-1, endpoint-2, …) in TTL.
events: - http: path: profile method: get authorizer: name: authorizer resultTtlInSeconds: 300 identitySource: method.request.header.Authorization type: request
Are there anything I need do with
identitySource, such as
identitySource: method.request.header.Authorization, context.??????.endpoint
Need your help. Thanks.
In request type, there are four choices:
NONE Validate boby Validate body, query string parameters, and headers Validate query string parameters and headers
With current request type feature in serverless framework, I can’t find out where to set with above options. Then I need to know what option currently it supported.
If you need to understand the differences between request type and token type, please go through this aws document: Amazon API Gateway