AWS API Gateway自定义授权者AuthorizerConfigurationException [英] AWS API Gateway Custom Authorizer AuthorizerConfigurationException

问题描述

对于Kinesis流，我使用AWS API Gateway创建了代理API.我添加了使用python Lambda作为代理的自定义授权者. 在发布lambda函数和部署API之后，我能够使用Gateway Test功能成功测试API.我可以在cloudwatch中看到日志，其中包含来自自定义身份验证lambda函数的详细打印信息.身份验证成功后，API Gateway将记录推送到我的Kinesis流中.

但是，当我从Chrome Postman客户端调用相同的API时，出现 500 Internal Server Error ，并且响应标头包括 X-Cache→cloudfront错误，x-amzn-ErrorType→AuthorizerConfigurationException >

For a Kinesis stream, I created a proxy API using AWS API Gateway. I added a custom authorizer using python Lambda for the proxy. After publish of lambda function and deploy of API, I was able to successfully test the API using Gateway Test functionality. I could see the logs in cloudwatch which had detailed prints from custom auth lambda function. After successful authentication, API Gateway pushed the record to my Kinesis stream

However when I call the same API from Chrome Postman client, I get 500 Internal Server Error and response headers includes X-Cache → Error from cloudfront, x-amzn-ErrorType → AuthorizerConfigurationException

Lambda auth函数返回允许对我的API执行请求的策略.返回的政策文件为:

Lambda auth function returns the policy which allows execute request for my API. Policy Document returned is:

            {
              "policyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Action": "execute-api:Invoke",
                    "Resource": [
                      "arn:aws:execute-api:us-east-1:1234567:myapiId/staging/POST/*"
                    ],
                    "Effect": "Allow"
                  }
                ]
              },
              "principalId": "Foo"
            }

为什么Chrome或curl无法使请求失败，但是API Gateway可以正常进行相同的API测试?

Why does the request fail from Chrome or curl but the same API test works fine from API Gateway?

推荐答案

找出导致问题的原因.从python lambda函数，我正在返回一个json字符串实例.相反，它应该是json对象. 奇怪的是，当我从API网关的测试"功能测试API时，相同的lambda函数没有出错.但是当从互联网(curl或chrome)调用该API时，它失败了.

Figured out what was causing the issue. From python lambda function, I was returning a json string instance. Instead it should be json object. Its strange that the same lambda function did not error when I tested the API from API Gateway "test" feature. But when the API was called from internet (curl or chrome) it failed.

#return policy_string ... this is incorrect.
return json.loads(policy_string)

这篇关于AWS API Gateway自定义授权者AuthorizerConfigurationException的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！