我创建了一个 API Gateway 方法并完成了部署。之后我创建了一个自定义授权器,并把它绑定到这个 API Gateway 方法上。当我通过自定义域名的链接调用该方法时,收到 {"message":"Unauthorized"} 错误。如果我通过它自带的测试工具测试自定义授权器,它工作正常。
如果不使用自定义授权器,通过自定义域名调用时一切正常。我还检查了 API Gateway 日志,但在使用自定义授权器调用 API 时,没有生成任何日志。
我的自定义授权器使用下面的 Lambda Node.js 脚本:
`
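console.log('Loading function');

/**
 * Lambda authorizer entry point (API Gateway TOKEN authorizer).
 *
 * Reads `event.authorizationToken` and `event.methodArn` and answers through
 * `callback` with either an IAM policy (Allow / Deny) or an error string.
 *
 * API Gateway fills `event.authorizationToken` from the request header that is
 * configured as the authorizer's token source. When that header is missing on
 * the incoming request (or fails the optional token validation expression),
 * API Gateway replies 401 {"message":"Unauthorized"} on its own and never
 * invokes this function, so none of the log lines below are written.
 *
 * @param {object} event - Authorizer event; this code reads `type`,
 *   `authorizationToken` and `methodArn`.
 * @param {object} context - Lambda context (unused).
 * @param {function} callback - Node-style callback: `(error, policy)`.
 */
exports.handler = (event, context, callback) => {
  const token = event.authorizationToken;

  // String-concatenating the event object only prints "[object Object]", so
  // serialize the fields of interest. The token is a bearer credential: record
  // that it arrived, never its value, so it does not end up in CloudWatch Logs.
  console.log("event = " + JSON.stringify({ type: event.type, methodArn: event.methodArn }));
  console.log("token present = " + (typeof token === 'string' && token.length > 0));
  console.log("method = " + event.methodArn);

  // Fail closed when no usable token reached the function (for example a test
  // event without the field) instead of throwing a TypeError on toLowerCase().
  if (typeof token !== 'string') {
    callback("Unauthorized"); // Return a 401 Unauthorized response
    return;
  }

  // Call oauth provider, crack jwt token, etc.
  // In this example, the token is treated as the status for simplicity.
  // NOTE(review): a real authorizer must verify the token (signature, issuer,
  // audience, expiry) before returning Allow.
  // NOTE(review): if authorizer result caching is enabled, the returned policy
  // is reused for later requests carrying the same token, so a Resource scoped
  // to a single methodArn may not fit other methods - confirm against the
  // authorizer's cache settings.
  switch (token.toLowerCase()) {
    case 'allow':
      callback(null, generatePolicy('user', 'Allow', event.methodArn));
      break;
    case 'deny':
      callback(null, generatePolicy('user', 'Deny', event.methodArn));
      break;
    case 'unauthorized':
      callback("Unauthorized"); // Return a 401 Unauthorized response
      break;
    default:
      // Any error string other than "Unauthorized" reaches the client as a 500.
      callback("Error: Invalid token");
  }
};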
/**
 * Build the authorizer response handed back to API Gateway.
 *
 * @param {string} principalId - Identifier of the caller the policy is issued for.
 * @param {string} effect - IAM effect placed in the statement ('Allow' or 'Deny').
 * @param {string} resource - Method ARN the statement applies to.
 * @returns {object} Response holding `principalId`, a `policyDocument` (only
 *   when both `effect` and `resource` are truthy) and a `context` map.
 */
const generatePolicy = function (principalId, effect, resource) {
  const response = { principalId };

  // Without both an effect and a resource no policy document is attached.
  if (effect && resource) {
    response.policyDocument = {
      Version: '2012-10-17', // default version
      Statement: [
        {
          Action: 'execute-api:Invoke', // default action
          Effect: effect,
          Resource: resource,
        },
      ],
    };
  }

  // Can optionally return a context object of your choosing.
  response.context = {
    stringKey: "stringval",
    numberKey: 123,
    booleanKey: true,
  };

  return response;
};
`
我在请求头(Headers)中传递了以下参数:
'type: TOKEN',
'authorizationToken: allow',
'methodArn: arn:aws:execute-api:us-east-1:accountId:app_id/*/GET/users/*'
所以请告诉我,我在哪里做错了 .
提前致谢 .