Recently, the API Gateway request type feature was added in v1.24.0. It is just the right time to have this feature.
With token type, I can easily understand that the Authorization token will be used for authorization and that the auth handler function generatePolicy generates the policy cache after the token is validated. If the token is validated, all service accesses in this API gateway are allowed for the next 5 minutes (default TTL).
But request type is different.
Question #1
How does the cache work with request type?
For example, I enable request type and check the Authorization header and the URL endpoint (https://<api_gateway_url>/endpoint-1/<rest>). In my project, access is allowed only when the authorization token and endpoint both match my database records.
But when I tested with request type, I found that, once authorized, it can access any endpoint (endpoint-1, endpoint-2, …) within the TTL.
```yaml
events:
  - http:
      path: profile
      method: get
      authorizer:
        name: authorizer
        resultTtlInSeconds: 300
        identitySource: method.request.header.Authorization
        type: request
```
Is there anything I need to do with identitySource, such as
identitySource: method.request.header.Authorization, context.??????.endpoint
Need your help. Thanks.
Question #2
In request type, there are four choices:
NONE
Validate body
Validate body, query string parameters, and headers
Validate query string parameters and headers
With the current request type feature in the Serverless Framework, I can’t find out where to set the above options. So I need to know which option is currently supported.
Notes
If you need to understand the differences between request type and token type, please go through this AWS document: Amazon API Gateway
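An added illustration of the caching behaviour raised in Question #1 (not part of the original post, and not Serverless Framework or AWS code): a simplified JavaScript model in which the authorizer result is cached per Authorization header value and the cached policy is then checked against whichever endpoint is requested next. The ARN prefix, the `GRANTS` table and all function names are constructed for the example.

```javascript
// Simplified model of an authorizer result cache: one entry per identity-source
// value; on a cache hit the authorizer is skipped and the cached policy is reused.
const ARN = 'arn:aws:execute-api:us-east-1:123456789012:abc123/dev/GET/'; // placeholder
const GRANTS = { 'token-A': ['endpoint-1'] }; // constructed stand-in for the database

const allow = (resources) => ({ Effect: 'Allow', Action: 'execute-api:Invoke', Resource: resources });

// Variant 1: checks token + endpoint, then returns a wildcard resource.
function wildcardAuthorizer(token, endpoint) {
  if (!(GRANTS[token] || []).includes(endpoint)) throw new Error('Unauthorized');
  return allow([ARN + '*']);
}

// Variant 2: returns every endpoint the token may call, so the cached policy
// stays correct for whichever endpoint is requested next.
function scopedAuthorizer(token) {
  const endpoints = GRANTS[token];
  if (!endpoints) throw new Error('Unauthorized');
  return allow(endpoints.map((e) => ARN + e + '/*'));
}

// Minimal wildcard match for policy resources ('*' matches any run of characters).
function matches(pattern, arn) {
  const re = pattern.split('*').map((s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&')).join('.*');
  return new RegExp('^' + re + '$').test(arn);
}

// Gateway model: cache key is the Authorization header only (the identitySource).
function makeGateway(authorizer, ttlSeconds) {
  const cache = new Map();
  let invocations = 0;
  return {
    invocations: () => invocations,
    request(token, endpoint, nowSeconds) {
      let entry = cache.get(token);
      if (!entry || nowSeconds >= entry.expires) {
        invocations += 1;
        try { entry = { stmt: authorizer(token, endpoint), expires: nowSeconds + ttlSeconds }; }
        catch (e) { return 401; }
        if (ttlSeconds > 0) cache.set(token, entry);
      }
      const arn = ARN + endpoint + '/item';
      return entry.stmt.Resource.some((r) => matches(r, arn)) ? 200 : 403;
    },
  };
}
```

In this model the wildcard variant lets `token-A` reach `endpoint-2` until the cache entry expires, while the scoped variant and a TTL of 0 both keep the per-endpoint decision intact.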