LambdAuth

ajax Restful request for authentication and other resources

Open sharavsambuu opened this issue 9 years ago • 3 comments

Hello,

Can you implement it without invoking Lambda functions? I mean, just only AJAX request and header-based authorization.

sharavsambuu, Sep 21 '15 09:09

What do you want to achieve? Explain a bit further please.

jfaraklit, Jun 08 '16 19:06

Hello, I created the LambdAuthApiGateway for a custom authorizer in API Gateway, using:

```javascript
var AWS = require('aws-sdk');

exports.handler = function(event, context) {
  // Validate the token
  var params = {
    RoleArn: 'your_arn_identity_pool',
    WebIdentityToken: event.authorizationToken
  };
  // The constructor takes no callback; errors surface in get() below
  AWS.config.credentials = new AWS.WebIdentityCredentials(params);

  // Get credentials
  AWS.config.credentials.get(function(err) {
    if (err) {
      console.log(err, err.stack);
      context.fail(err);
    } else {
      if (AWS.config.credentials.expired) {
        console.log("Token expired");
        context.fail("Unauthorized");
      } else {
        // decode with jsonwebtoken and compare iss.
        // mount policies for api with principalId = sub.
      }
    }
  });
};
```

Is this correct? What do you think?

cleitonjar, Jun 13 '16 03:06
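The two steps left as comments in the snippet above (check `iss`, build a policy with `principalId = sub`), written out as an added example that is not part of the thread or of LambdAuth's code. It swaps the STS round trip for local RS256 signature verification with Node's `crypto`; `verifyToken`, `authorize`, `signSample` and the pinned key and issuer parameters are hypothetical names.

```javascript
const crypto = require('crypto');

// Base64url-encode a Buffer (only needed to build the constructed sample token).
const b64url = (buf) => buf.toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
// Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64').toString('utf8'));

// Verify an RS256 token against a pinned key and issuer; returns the claims or throws.
function verifyToken(token, publicKey, expectedIss, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm; never let the token's own header choose it.
  if (decodeJson(h).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('sha256', signed, publicKey, Buffer.from(s, 'base64'))) {
    throw new Error('bad signature');
  }
  const claims = decodeJson(p); // read claims only after the signature checks out
  if (claims.iss !== expectedIss) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  if (typeof claims.sub !== 'string' || claims.sub === '') throw new Error('missing sub');
  return claims;
}

// Authorizer result: principalId = sub, Allow scoped to the method that was requested.
// Returns null on any failure; a handler would map that to context.fail('Unauthorized').
function authorize(event, publicKey, expectedIss, nowSec = Math.floor(Date.now() / 1000)) {
  try {
    const claims = verifyToken(event.authorizationToken, publicKey, expectedIss, nowSec);
    return {
      principalId: claims.sub,
      policyDocument: {
        Version: '2012-10-17',
        Statement: [{ Action: 'execute-api:Invoke', Effect: 'Allow', Resource: event.methodArn }],
      },
    };
  } catch (err) {
    return null;
  }
}

// Constructed sample input: signs claims with a throwaway key so the block runs offline.
function signSample(claims, privateKey, alg = 'RS256') {
  const body = [{ alg, typ: 'JWT' }, claims]
    .map((o) => b64url(Buffer.from(JSON.stringify(o)))).join('.');
  return `${body}.${b64url(crypto.sign('sha256', Buffer.from(body), privateKey))}`;
}
```

Decoding the payload without verifying the signature proves nothing about who issued the token, which is why the claims are read only after `crypto.verify` succeeds.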

Hmm. It might be one way of doing it. You could also do it with request/response as your title suggests. Something like this: you have an endpoint /login which is set up on APIG. A Lambda behind the endpoint will be responsible for auth/STS/token management or whatever you may need. When you call /login with correct params, Lambda gets invoked behind the scenes and sends you back the response.

jfaraklit, Jun 13 '16 13:06