我创建并部署了一个 API Gateway 方法,随后创建了一个自定义授权器(custom authorizer)并将其绑定到该方法。当我通过自定义域名的链接调用该方法时,收到 {"message":"Unauthorized"} 错误。如果用它自带的测试工具测试这个自定义授权器,它可以正常工作。
如果不使用自定义授权器,通过自定义域名调用 API 可以正常工作。我还检查了 API Gateway 日志,但在带自定义授权器调用 API 时不会生成任何日志。
我使用下面的 Lambda Node.js 脚本作为自定义授权器 -
`
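console.log('Loading function');

/**
 * Lambda entry point for an API Gateway TOKEN authorizer.
 *
 * Reads `event.authorizationToken` and `event.methodArn` and answers through
 * `callback` with either an IAM policy (built by `generatePolicy`) or an
 * error string. In this sample the token text itself is the decision
 * ("allow", "deny", "unauthorized"); it performs no real verification.
 *
 * @param {object} event - Authorizer event; `authorizationToken` and
 *   `methodArn` are the only fields read here.
 * @param {object} context - Lambda context (unused).
 * @param {Function} callback - Node-style callback `(error, policy)`.
 */
exports.handler = (event, context, callback) => {
  // NOTE(review): for a TOKEN authorizer, API Gateway builds this event
  // itself: authorizationToken is taken from the request header configured as
  // the authorizer's token source, and methodArn from the method being
  // invoked. Request headers named "type" or "methodArn" are not copied into
  // the event. When the configured header is missing, API Gateway answers 401
  // without invoking this function, so no log lines appear here either.
  const token = event.authorizationToken;

  // Log only non-secret fields. The token is a bearer credential and must not
  // be written to the function logs; "event = " + event only ever printed
  // "[object Object]", so it carried no information.
  console.log(`method = ${event.methodArn}`);
  console.log(`token present = ${typeof token === 'string'}`);

  // Fail closed with a 401 instead of throwing on token.toLowerCase() when
  // the event carries no usable token.
  if (typeof token !== 'string') {
    callback('Unauthorized');
    return;
  }

  // A real authorizer verifies the token here (signature, expiry, issuer,
  // audience) before it ever issues an Allow policy. In this example the
  // token is treated as the status for simplicity.
  switch (token.toLowerCase()) {
    case 'allow':
      callback(null, generatePolicy('user', 'Allow', event.methodArn));
      break;
    case 'deny':
      callback(null, generatePolicy('user', 'Deny', event.methodArn));
      break;
    case 'unauthorized':
      callback('Unauthorized'); // Return a 401 Unauthorized response
      break;
    default:
      // Any error string other than "Unauthorized" reaches the client as a
      // 500; no policy is issued, so the request is still rejected.
      callback('Error: Invalid token');
  }
};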
/**
 * Build the response object a Lambda authorizer hands back to API Gateway.
 *
 * @param {string} principalId - Identifier recorded as the caller's principal.
 * @param {string} effect - Statement effect; the caller in this file passes
 *   'Allow' or 'Deny'.
 * @param {string} resource - Resource the statement applies to; the caller in
 *   this file passes the method ARN from the event.
 * @returns {object} Response with `principalId`, an optional `policyDocument`
 *   and a `context` map.
 */
function generatePolicy(principalId, effect, resource) {
  const response = { principalId };

  // The policy document is attached only when both effect and resource are
  // truthy; otherwise the response carries no policy at all.
  if (effect && resource) {
    response.policyDocument = {
      Version: '2012-10-17', // default version
      Statement: [
        {
          Action: 'execute-api:Invoke', // default action
          Effect: effect,
          Resource: resource,
        },
      ],
    };
  }

  // Optional context object of your choosing. These are sample values; keep
  // credentials and other secrets out of it.
  response.context = {
    stringKey: 'stringval',
    numberKey: 123,
    booleanKey: true,
  };

  return response;
}
`
在请求头(header)中,我传递了以下参数 -
'type: TOKEN',
'authorizationToken: allow',
'methodArn: arn:aws:execute-api:us-east-1:accountId:app_id/*/GET/users/*'
所以请告诉我,我在哪里做错了。
提前致谢。