AWS lambda basic-authentication without custom authorizer


Problem description

I have a problem with setting up the basic authentication for my AWS lambda function written in Node.js.

The problem:
AWS lambda function which is a proxy for an additional service. This function only forwards the whole request and gives the user the whole response. That's why I need to force the usage of the Authentication header and I would like to have the prompt window for passing the credentials: https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication

Apart from the proxy part of my lambda function, I focused on the problem with authentication and I have written this code:

export const proxy = async (event) => {
    const authorizationHeader = event.headers.Authorization;
    // typeof yields a string, so the comparison must be against "undefined"
    if (typeof authorizationHeader === "undefined") {
        throw new Error("Unauthorized");
    }
    // ...
};

service:
  name: proxy-auth-test

plugins:
  - serverless-webpack

provider:
  name: aws
  runtime: nodejs8.10
  memorySize: 128
  timeout: 10

functions:
  proxy-async:
    handler: handler.proxy
    events:
      - http:
          method: get
          path: api/proxy

resources:
  Resources:
    GatewayResponse:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.WWW-Authenticate: "'Basic'"
        ResponseType: UNAUTHORIZED
        RestApiId:
          Ref: 'ApiGatewayRestApi'
        StatusCode: '401'

The endpoint is working properly, but I can't get the prompt window for passing the credentials. I set up the GatewayResponse according to this https://medium.com/@Da_vidgf/http-basic-auth-with-api-gateway-and-serverless-5ae14ad0a270 but I don't wanna provide the additional lambda function which is responsible only for authorization of the users.

In my case, I can't authorize the users before executing the final lambda function because this function only forwards the request (credentials too), nothing more.

Has anyone ever tried to set up basic auth with the prompt window without the additional authorizer with the usage of serverless and AWS lambda?

Recommended answer

When returning a response from an integration the WWW-Authenticate is remapped to X-Amzn-Remapped-WWW-Authenticate (1). Browsers will not handle this remapped header so they don't show a prompt.

This means that you have to move your authorization logic to the Lambda Authorizer at an HTTP request level and return 'unauthorized' to the callback as stated in the Medium link that you referenced. This is the only way to return a WWW-Authenticate header as of now.

Sources:

1: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-known-issues.html
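The answer's approach as an added example (not code from the original post): a TOKEN-type Lambda authorizer that only checks that well-formed Basic credentials are present and otherwise fails with "Unauthorized", so API Gateway serves the question's UNAUTHORIZED GatewayResponse with its WWW-Authenticate header. The names `basicAuthGate`, `parseBasic` and `allowPolicy` are hypothetical, and the Authorization header is assumed to be the authorizer's identity source.

```javascript
// Added example. It does not verify the password: the proxied service still
// does that. It only gates on the presence of syntactically valid credentials.

// Parse "Basic <base64(user:pass)>"; return null for anything malformed.
function parseBasic(headerValue) {
  if (typeof headerValue !== "string") return null;
  const match = /^Basic\s+([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue.trim());
  if (!match) return null;
  const decoded = Buffer.from(match[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":"); // RFC 7617: the user-id cannot contain ":"
  if (sep < 1) return null;         // no colon at all, or an empty user-id
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Minimal IAM policy letting the caller invoke the requested method.
function allowPolicy(principalId, methodArn) {
  return {
    principalId,
    policyDocument: {
      Version: "2012-10-17",
      Statement: [
        { Action: "execute-api:Invoke", Effect: "Allow", Resource: methodArn },
      ],
    },
  };
}

// Authorizer entry point (TOKEN type: the header value arrives as
// event.authorizationToken, the target method as event.methodArn).
async function basicAuthGate(event) {
  const creds = parseBasic(event.authorizationToken);
  if (!creds) {
    // The exact message "Unauthorized" makes API Gateway answer 401 and apply
    // the UNAUTHORIZED gateway response, which carries WWW-Authenticate.
    throw new Error("Unauthorized");
  }
  // Never log creds.password; only the user name is used, as principalId.
  return allowPolicy(creds.username, event.methodArn);
}

// Export for Lambda when loaded as a CommonJS module.
if (typeof module !== "undefined") {
  module.exports = { basicAuthGate, parseBasic, allowPolicy };
}
```

The proxy function still receives the original Authorization header and forwards it unchanged.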
