As part of a recent project, I was trying to get the parameters from a REST call on AWS API Gateway in a Go Lambda. I found the documentation to be a bit scattered and hard to find so I have documented what I learned. The answer is simple so hopefully this doc helps someone else who struggled with the docs. API Gateway to Lambda Integration There are two main ways of invoking a Lambda from an API Gateway endpoint. All of my code uses proxy integration. There’s a section here that describes the differences, and as far as I [Read on…]
Month: February 2020
Google Sign In and Refresh
One of the dark corners of the OAuth experience is refresh tokens. Every time I play with OAuth based authentication, refresh bites me. Assume some level of hand waving and simplification in what follows as I’m not trying to be perfectly detailed about OAuth. OAuth and Refresh Tokens The way OAuth2 generally works is that after a successful authentication two tokens are generated, an access token and a refresh token. The access token is used to access a service. For example, to make a REST call the developer would include the access token in the header. Access tokens have an [Read on…]
AWS API Gateway & Access Tokens
AWS supports authenticating API calls using a token issued by Cognito authentication. This allows for good integration of identity into AWS APIs. Setting up the integration is relatively easy, create an authorizer of type COGNITO_USER_POOLS and attach it to the endpoint. Now provide the id token from a Cognito authorization response in a request through the Authorization header and the call will succeed. Without that header, or with an invalid value, the gateway will reject the call with a 403 error. That’s the simple path, unfortunately OAuth doesn’t have just one token and using the id token for this is [Read on…]