内置的身份验证机制-API网关 [英] Inbuilt authentication mechanism - API gateway

问题描述

API网关具有内置功能以执行授权.

API gateway has in-built functionality to perform authorization.

但是awslabs提供的示例将lambda链接到API网关，其中lambda根据此

But the examples provided by awslabs have lambda hooked to API gateway, where lambda is authorizing as per this code for a below API gateway:

MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Auth:
        DefaultAuthorizer: MyLambdaRequestAuthorizer
        Authorizers:
          MyLambdaRequestAuthorizer:
            FunctionPayloadType: REQUEST
            FunctionArn: !GetAtt MyAuthFunction.Arn

---

因此，lambda会接收客户端提供的身份验证令牌，然后对其进行授权:

---

So, auth token provided by client is received by lambda and then authorised:

exports.handler = async function (event) {
  const token = event.queryStringParameters.auth.toLowerCase()

  ....

     switch (token) {
    case 'allow':
      return generateAuthResponse('user', 'Allow', methodArn)
    case 'deny':
      return generateAuthResponse('user', 'Deny', methodArn)
    default:
      return Promise.reject('Error: Invalid token') // Returns 500 Internal Server Error
  }
}

但这不是API网关提供的内置身份验证.

but this is not in-built authentication provided by API gateway.

API网关如何提供内置身份验证?

How does API gateway provide in-built authentication?

推荐答案

解决方案1:

使用API​​密钥创建和使用使用计划:在这种方法中，您可以使用API​​密钥对用户进行身份验证.请点击以下链接: API密钥方法

Create and Use Usage Plans with API Keys : In this method you can use API Keys to authenticate a user. follow this link : API Keys method

解决方案2:

您可以使用AWS Amazon Cognito服务进行身份验证.与OKTA服务相同.请点击以下链接: Amazon Cognito

You can AWS Amazon Cognito service for authentication. It is same as OKTA service. Follow this link : Amazon Cognito

这篇关于内置的身份验证机制-API网关的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！