内置的身份验证机制-API网关 [英] Inbuilt authentication mechanism - API gateway
问题描述
API网关具有内置功能以执行授权.
API gateway has in-built functionality to perform authorization.
但是awslabs提供的示例将lambda链接到API网关,其中lambda根据此
But the examples provided by awslabs have lambda hooked to API gateway, where lambda is authorizing as per this code for a below API gateway:
MyApi:
Type: AWS::Serverless::Api
Properties:
StageName: Prod
Auth:
DefaultAuthorizer: MyLambdaRequestAuthorizer
Authorizers:
MyLambdaRequestAuthorizer:
FunctionPayloadType: REQUEST
FunctionArn: !GetAtt MyAuthFunction.Arn
因此,lambda会接收客户端提供的身份验证令牌,然后对其进行授权:
So, auth token provided by client is received by lambda and then authorised:
exports.handler = async function (event) {
const token = event.queryStringParameters.auth.toLowerCase()
....
switch (token) {
case 'allow':
return generateAuthResponse('user', 'Allow', methodArn)
case 'deny':
return generateAuthResponse('user', 'Deny', methodArn)
default:
return Promise.reject('Error: Invalid token') // Returns 500 Internal Server Error
}
}
但这不是API网关提供的内置身份验证.
but this is not in-built authentication provided by API gateway.
API网关如何提供内置身份验证?
How does API gateway provide in-built authentication?
推荐答案
解决方案1:
使用API密钥创建和使用使用计划:在这种方法中,您可以使用API密钥对用户进行身份验证.请点击以下链接: API密钥方法
Create and Use Usage Plans with API Keys : In this method you can use API Keys to authenticate a user. follow this link : API Keys method
解决方案2:
您可以使用AWS Amazon Cognito服务进行身份验证.与OKTA服务相同.请点击以下链接: Amazon Cognito
You can AWS Amazon Cognito service for authentication. It is same as OKTA service. Follow this link : Amazon Cognito
这篇关于内置的身份验证机制-API网关的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!