Get JWT token from Appsync Resolver Mapping Template - amazon-web-services

I am using OIDC as authentication in AWS AppSync. For some purpose I need the base64-encoded version of the JWT token in the resolver mapping template. Can anyone suggest a solution? Thanks in advance.

You could use Custom Headers for this.
With custom headers you can pass in additional information into your request and access in your mapping templates.
Your mapping template could contain a line like:
#set($encodedToken = $utils.toJson($context.request.headers.encodedToken))
Doing this would allow you to format the data as needed on the client before making the request.

I found a way here:
#set($token = $context.request.headers.get("authorization"))

Related

WSO2 Microgateway oauth2 optional when custom header is present

I have a scenario to implement where there are two authentication options: one is OAuth2 and the other is a custom header "x-api-key". I want to pass the request to the backend without authorization if only the x-api-key is present. Can this be achieved using a custom filter?
Currently, we don't have any option for this. But you can try writing a custom filter that includes the code below and place it before the Auth filter.
string X_API_HEADER_NAME = "x-api-key";
string SKIP_ALL_FILTERS = "skip_filters";
if (request.hasHeader(X_API_HEADER_NAME)) {
    context.attributes[SKIP_ALL_FILTERS] = true;
}

Authorization Oauth2.0 Add Additional Body Parameter

I’m trying to migrate an authorization request into the authorization at the Postman collection level. The request body has an additional parameter for account_id that needs to be passed.
I’m unable to find a way to pass this additional parameter when using Oauth 2.0 client credentials flow. Is there a way to include this?
You're trying to add a new header. I don't think this is supported on the collection level, but a workaround is to use a pre-request script on the collection level:
const Header = require('postman-collection').Header
pm.request.headers.add(new Header(`account_id:${pm.environment.get('et_mid')}`))

Decode JWT and put "sub" into a request header

I’m using the Istio OPA adapter to manage AuthN and AuthZ. Some of my backend services need to know who is making a given request; for example, to populate a created_by column when a given user creates something.
I’m trying to figure out an elegant way of decoding the JWT and putting the “sub” field into a “user” header before the request gets sent to the actual backend service. This way, a given service would simply need to look at the “user” header rather than dealing with parsing the JWT.
Any ideas or recommendations on how this could be accomplished are appreciated.
You should be able to add headers with Lua code in an EnvoyFilter or with a Mixer filter starting in Istio 1.1.
Take a look at this issue which describes some experimenting with adding headers extracted from JWT fields to affect routing:
https://github.com/istio/istio/issues/8444.

AWS Custom Authorizer - Get token from cookie

I'm currently building a web application whose backend is purely built in API Gateway/Lambda. I built a custom JSON Web Token (JWT) authorizer to authorize the users. At the moment I'm passing the token in a header field.
Unfortunately, I'm only able to define a header field in which the token is sent to API Gateway. My application stores the token in a cookie.
Is there any option to access the cookie directly so that it can authenticate using Lambda?
For example:
Now I'm passing:-
method.request.header.Authorizer
But I need something like this:-
methods.request.header.Cookie
Any workaround? Thanks!
Now you should be able to access all the headers including Cookie header, using Custom Authorizers of the REQUEST type. Recently AWS introduced this feature to allow access to more than Token Header.
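An added example (not part of the original answer) of a Lambda authorizer of the REQUEST type that takes the JWT from the Cookie header and returns an allow or deny policy. The cookie name `token`, the HS256 shared secret and all helper names are assumptions made for illustration, and `make_demo_token` only builds constructed input so the block runs offline.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key shared with the token issuer
COOKIE_NAME = "token"                # assumption: name of the cookie that carries the JWT

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def make_demo_token(claims, alg="HS256"):  # constructed test input, not an issuer
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head + '.' + body))}"

def verify_jwt(token, now=None):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        head, body, sig = token.split(".")
        alg_ok = json.loads(_b64d(head)).get("alg") == "HS256"  # refuse "none" and other algs
        if not (alg_ok and hmac.compare_digest(_sign(f"{head}.{body}"), _b64d(sig))):
            return None
        claims = json.loads(_b64d(body))
        if "sub" not in claims or claims.get("exp", 0) <= (now or time.time()):
            return None
        return claims
    except (ValueError, AttributeError, TypeError):
        return None  # malformed or missing token: fail closed

def cookie_token(headers):
    """Header names keep the client's casing, so match 'cookie' case-insensitively."""
    for name, value in (headers or {}).items():
        if name.lower() == "cookie":
            for pair in value.split(";"):
                key, _, val = pair.strip().partition("=")
                if key == COOKIE_NAME:
                    return val
    return None

def handler(event, context=None):
    claims = verify_jwt(cookie_token(event.get("headers")))
    stmt = {"Action": "execute-api:Invoke", "Resource": event["methodArn"],
            "Effect": "Allow" if claims else "Deny"}
    return {"principalId": claims["sub"] if claims else "anonymous",
            "policyDocument": {"Version": "2012-10-17", "Statement": [stmt]}}
```

For the authorizer to receive the header at all, it has to be configured with the REQUEST type, as the answer above says.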

When using Amazon API Gateway, how do I get the API key used in the request from a Django backend?

Pretty self-explanatory title. I'm using API Gateway in AWS, requiring an API key to access a backend written in Django (not using Lambda). I need to know how to access the API key used in the request to keep track of who did what at the app level.
You can use mapping templates and get the API Key from the $context variable, it’s the apiKey property inside the identity object: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference
Create a mapping template for your requests and include the property in it. For example, if you wanted to include the entire request body + the API Key you would do this:
{
    "body": $input.json('$'),
    "apiKey": "$context.identity.apiKey"
}
Depending on how your backend application is built, you could send the API key to your application in an HTTP parameter (path, query string, or header) or in the request body. Please have a read through the docs on how to move data between the two systems.
Thanks,
Ryan
Here is how I finally made it work. At the top or bottom of the template, include this line.
#set($context.requestOverride.header.x-api-key = $context.identity.apiKey)
When your backend receives this request, the api key will be in the header x-api-key.
Here is a basic mapping template that just forwards the (json) body and the header.
$input.json("$")
#set($context.requestOverride.header.x-api-key = $context.identity.apiKey)
API Gateway uses the X-API-Key header, so I like for my backend to also use that. That way I can use the same testing commands with only the URL being different.