We have our API behind the AWS HTTP API gateway with a custom Lambda authorizer. Our JWT token contains an expiration time, and based on that we have to return 401 when it is expired to tell the client to use his refresh token to update the JWT.
The Lambda authorizer returns only 403, even if the token is present but expired. So in this case we don't have a possibility to force users to update their token, and it is confusing a lot. It seems like your permissions just don't allow you to reach the API URL, instead of telling you that your token is expired.
With the REST API Gateway it seems possible, but we can't use it because it doesn't work with APL, and this is a requirement.
Is it possible to return 401 from HTTP API Gateway custom Lambda authorizer?
It is possible, but it is not possible to customise the error message.
Depending on your function, use either:
callback("Unauthorized", null);
or
throw new Error('Unauthorized');
Both of these will produce a 401 response.
See https://github.com/awslabs/aws-apigateway-lambda-authorizer-blueprints/blob/master/blueprints/nodejs/index.js