Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support for Multiple authorizers

See original GitHub issue

This is a Feature Proposal

Description

Be able to specify multiple authorizers for a single api end point:

At the moment we are restricted to have only one (at least I could not find in the docs how to specify multiples), example:

- http:
    path: graphql
    method: post
    cors:
      origins:
        - '*'
    authorizer:
      arn: arn:aws:cognito-idp:us-east-1:XXXXX:userpool/us-east-XXXXXX
      identitySource: method.request.header.Authorization

I can configure multiple authorizers using the API Gateway Web UI.

In my case I have 2 UserPools and also Facebook authentication (that I’ll implement as a custom authorizer). A user authenticated in any of these should be able to access the API.

Issue Analytics

State:
Created 6 years ago
Comments:6 (2 by maintainers)

Top GitHub Comments

6reactions

crcommonscommented, Sep 24, 2020

@AshUK How do you assign multiple user pools to an API gateway with serverless?

3reactions

HyperBraincommented, Jun 14, 2017

I think you can only set one authorizer per APIG endpoint. Nevertheless, you can create multiple authorizers and assign them to different endpoints.

The AWS documentation refers to a single authorizer in the method configurations only. E.g. here:

Choose one of the available Amazon Cognito User Pool authorizers from the drop-down list. http://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

Under Authorization Settings, expand the Authorization drop-down list to select the custom authorizer you just created (myTestApiAuthorizer), and then choose the checkmark icon to save the choice. http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html

IMO, to support all of the authentication methods on a single endpoint, you’d have to write your own custom authorizer, that internally evaluates the Authorization header and does the access control validation for the needed authentication providers internally.

Top Results From Across the Web

Introducing custom authorizers in Amazon API Gateway

An API can have multiple custom authorizers and each method within your API can use a different authorizer. For example, the POST method...

Use multiple API Gateway authorizers | AWS re:Post

Hello All, Is there a way to use multiple authorizers in API Gateway or chain the authorizers. For instance, check the signed headers...

Multiple authorizer types for one endpoint in serverless

I'm doing some experimenting with serverless and authorizers for my API. I have a usecase where I have two different apps, one iOS...

[Solved] Multiple custom authorizers for one gateway?

Hi! I was hoping to deploy an API Gateway with two endpoints, each using a different Custom Authorizer lambda. I have the authorizer...

Introduction to Multiple Authorizers - NACSA

While NACSA strongly recommends the presence of multiple authorizers, an authorizing structure only works if it creates a quality chartering ecosystem that ...