Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

custom authorizer headers

See original GitHub issue

I’m attempting to use a custom authorizer for browser clients and haven’t had much luck getting it to work. Turns out on further inspection I’m not seeing any of the custom authorization headers getting sent when attempting to connect.

Am I missing something?

client setup:

this.client = awsIoT.device({
      debug: true,
      protocol: 'wss-custom-auth',
      host: 'xxxxxxxxxxx.iot.us-west-2.amazonaws.com',
      customAuthHeaders: {
        'X-Amz-CustomAuthorizer-Name': 'test-authorizer',
        'X-Amz-CustomAuthorizer-Signature': 'xxxxxxxxxxxxxxxxx',
        'TestAuthorizerToken': 'xxxxxxxxxxx'
      }
    });

Issue Analytics

State:
Created 6 years ago
Reactions:6
Comments:28 (8 by maintainers)

Top GitHub Comments

6reactions

mlfarrellcommented, Jan 18, 2018

Put me on the list of people who definitely need custom auth in a browser and are requesting it. I’ve heard (albeit I’m not a websockets expert) that there is a way to embed the info in the URL itself. Once it is possible, please add some kind of custom auth support to the SDK in the browser.

4reactions

mooyoulcommented, May 8, 2018

We had this issue too.

since that issue is caused by limitation of browser-side websocket implementation, we’ve migrated our custom authorizer to pre-signed url with temporary credential which is came from STS service. the temporary credential can be issued with STS.assumeRole in lambda (Trusted Relationship was configured. policy can be limited by providing policy document when calling STS.assumeRole like custom authorizer does)