A company is using AWS to develop and manage its production web application. The application includes an Amazon API Gateway HTTP API that invokes an AWS Lambda function. The Lambda function processes and then stores data in a database.
The company wants to implement user authorization for the web application in an integrated way. The company already uses a third-party identity provider that issues OAuth tokens for the company’s other applications.
Which solution will meet these requirements?
Integrating the company's third-party identity provider with API Gateway and configuring an API Gateway Lambda authorizer to validate tokens from the identity provider is the best approach. This allows for seamless integration of the existing identity provider, which issues OAuth tokens, with the API Gateway. The Lambda authorizer can validate these tokens, ensuring secure user authorization. Requiring the Lambda authorizer on all API routes and updating the web application to include tokens in the Authorization header ensures that every API request is properly authenticated.
A API GW + integrated Lambda Authorizor for Authen. and Author.
A It is reasonable to configure the API Gateway Lambda authorizer to validate tokens from identity providers.
A, for sure. Lambda authorizers can integrate with external identity providers, including OAuth2, OpenID Connect, and others, to validate tokens or credentials.