Use AWS Lambda as a custom authorizer

Hi,

I want to invoke my target service, which is hosted on AWS nodes, from Apigee. For authentication and authorization, I want to use AWS Lambda as a custom authorizer which will do the OAuth2 validation. Only authorized calls are allowed to invoke the target service.

Can anyone tell me how I can achieve this functionality?

Thanks


Hi @Ankur Jain, Let me try to provide you a solution from my understanding of the use case.

I am assuming the API client is going to pass credentials, which you want to simply pass along to the OAuth2 validation Lambda function (deployed and available in AWS) to validate, allowing the target service to be invoked if the credentials are valid.

I don't understand why you are using Apigee in this use case in the first place. I say this because Apigee natively provides the OAuth 2.0 policy with various grant types.

Nevertheless, the above can be achieved by using a Node.js script and the aws-sdk module within Apigee.

You can construct a credentials request in Node.js and pass that request as the payload attribute of the params in the Lambda invoke method. Based on the response from the Lambda function, you can either subsequently invoke the target service in the same Node.js script (valid credentials) or send an unauthorized error response to the client (invalid credentials).
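Added example, not part of the original reply or of Apigee's own code: a Node.js sketch of the flow described above that denies the request whenever the Lambda verdict is anything other than an explicit allow. The function name `oauth2-validator` and the `{ authorized, subject }` response shape are assumptions; the `lambda` argument is an aws-sdk v2 Lambda client, injected so the logic can be exercised with a stub.

```javascript
'use strict';
// Assumptions: FUNCTION_NAME and the { authorized, subject } response shape
// are hypothetical; adapt both to your own authorizer Lambda.
const FUNCTION_NAME = 'oauth2-validator';

// Turn the raw result of lambda.invoke() into an allow/deny decision.
// Anything other than a well-formed, explicit "authorized: true" is a deny.
function decide(result) {
  const deny = (reason) => ({ allow: false, status: 401, reason });
  if (!result || result.StatusCode !== 200) return deny('invoke failed');
  // FunctionError is set when the function threw or timed out; the payload
  // is then an error document and must never be read as a verdict.
  if (result.FunctionError) return deny('authorizer error');
  let body;
  try {
    body = JSON.parse(String(result.Payload)); // Payload is a Buffer or string
  } catch (e) {
    return deny('unparseable payload');
  }
  const ok = body !== null && typeof body === 'object' && body.authorized === true;
  if (!ok) return deny('not authorized');
  return { allow: true, status: 200, subject: String(body.subject || '') };
}

// Extract the bearer token, ask the Lambda for a verdict, and fail closed.
// The caller forwards to the target service only when `allow` is true.
async function authorize(lambda, authorizationHeader) {
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(authorizationHeader || '');
  if (!m) return { allow: false, status: 401, reason: 'missing bearer token' };
  try {
    const result = await lambda.invoke({
      FunctionName: FUNCTION_NAME,
      InvocationType: 'RequestResponse', // synchronous: wait for the verdict
      Payload: JSON.stringify({ token: m[1] }),
    }).promise();
    return decide(result);
  } catch (e) {
    // Network, IAM or throttling errors are treated as a deny.
    return { allow: false, status: 401, reason: 'invoke threw' };
  }
}
```

In the script, pass `new AWS.Lambda({ region })` as `lambda` and return the `status` to the client whenever `allow` is false.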

Hi @Mudit Kumar, I have tried to connect to Lambda as mentioned by you and it is working.

Thanks for the reply.