0

When I create a resource/method in AWS API Gateway API I can create one of the following methods: DELETE, GET, HEAD, OPTIONS, PATCH or POST.

If I choose GET then API Gateway doesn't pass authentication details; but for POST it does.

For GET, should I be adding the Cognito credentials to the URL of my GET, or just never use GET and use POST for all authenticated calls?

My set-up in API Gateway/Lambda:

I created a Resource and two methods: GET and POST. Under Authorization Settings I set Authorization to AWS_IAM. For this example there is no Request Model.

Under Method Execution I set Integration type to Lambda Function and I check Invoke with caller credentials (I also set Lambda Region and Lambda Function). I leave Credentials cache unchecked.

For Body Mapping Templates, I set Content-Type to `application/json` and the Mapping Template to

{ "identity" : "$input.params('identity')"}

In my Python Lambda function:

def lambda_handler(event, context):
    # context is the Lambda context object, not the API Gateway payload
    print(context.identity)
    print(context.identity.cognito_identity_id)

    return True

Running the Python function:

For the GET, context.identity is None. For the POST, context.identity has a value and context.identity.cognito_identity_id has the correct value.

Carl
    All methods support authentication. Are you sure you enabled authentication for the method before testing? – Bob Kinney Mar 27 '16 at 20:30

1 Answer

2

As mentioned in comments: all HTTP methods support authentication. If the method is configured to require authentication, authentication results should be included in the context for you to access via mapping templates to pass downstream as contextual information.

If this is not working for you, please update your question to reflect:

  1. How your API methods are configured.
  2. What your mapping template is.
  3. What results you see in testing.

UPDATE

The code in your Lambda function is checking the context of the Lambda function, not the value from API Gateway. To access the value passed in from API Gateway, you would need to use event.identity, not context.identity.

This would only half solve your problem as you are not using the correct value to access the identity in API Gateway. That would be $context.identity.cognitoIdentityId (assuming you are using Amazon Cognito auth). Please see the mapping template reference for a full guide of supported variables.

Finally, you may want to consider using the template referenced in this question.

Bob Kinney
  • thanks Bob. I can now see that I can access the user's id from my Lambda function using context.identity.cognito_identity_id - and not specify anything in my APIG mapping templates. Much cleaner. I knew you must be offering a clean solution :) just took a while to work it out – Carl Mar 30 '16 at 11:10
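
The two identity sources discussed in this thread, as an added Python 3 example that is not code from the question, the answer or AWS: the handler accepts the caller ID only from the Lambda context or from an event field filled by `$context.identity.cognitoIdentityId`, and fails closed otherwise. The event key `cognitoIdentityId`, the `Unauthenticated` class and the sample values are assumptions made for this example.

```python
import re
from types import SimpleNamespace

# Assumed body mapping template on the API Gateway method:
#   { "cognitoIdentityId": "$context.identity.cognitoIdentityId" }
# $context.identity.* is filled in by API Gateway for an authenticated call.
# $input.params('identity') instead copies a request parameter (path, query
# string or header), i.e. a value chosen by the caller.

# Shape of a Cognito identity ID: "<region>:<uuid>", at most 55 characters.
IDENTITY_ID = re.compile(r"[\w-]+:[0-9a-f-]+", re.ASCII)


class Unauthenticated(Exception):
    """No usable caller identity reached the function."""


def caller_identity(event, context):
    """Return the caller's Cognito identity ID or raise Unauthenticated."""
    # Source 1: the Lambda context object (context.identity in the question).
    identity = getattr(context, "identity", None)
    from_context = getattr(identity, "cognito_identity_id", None)
    # Source 2: the event field written by the mapping template above.
    from_event = event.get("cognitoIdentityId") if isinstance(event, dict) else None
    # Empty strings and None both count as "no identity".
    value = from_context or from_event
    if not isinstance(value, str) or len(value) > 55 or not IDENTITY_ID.fullmatch(value):
        raise Unauthenticated("no verified Cognito identity on this request")
    # When both sources are present they must name the same caller.
    if from_context and from_event and from_context != from_event:
        raise Unauthenticated("identity mismatch between context and event")
    return value


def lambda_handler(event, context):
    try:
        return {"caller": caller_identity(event, context)}
    except Unauthenticated as exc:
        # Fail closed instead of continuing as an anonymous caller.
        return {"error": str(exc)}


# Constructed sample inputs (not captured from a real deployment).
SAMPLE_ID = "us-east-1:12345678-1234-1234-1234-123456789abc"
CTX_EMPTY = SimpleNamespace(identity=None)  # what the question saw for GET
CTX_COGNITO = SimpleNamespace(identity=SimpleNamespace(cognito_identity_id=SAMPLE_ID))
```
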