The following is a simple TOKEN authorizer example that demonstrates how to use an authorization token to allow or deny a request. In this example, the caller named "user" is allowed to invoke a request if the client-supplied token value is "allow". The caller is not allowed to invoke the request if the token value is "deny". If the token value is "Unauthorized", the function returns the "Unauthorized" error with an HTTP status code of 401. For any other token value, the authorizer returns an "Invalid token" error. The code lower-cases the token before comparing it, so these matches are case-insensitive.
This example is based on the JavaScript sample from the API Gateway documentation.
package main
import (
"context"
"errors"
"strings"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
)
// generatePolicy builds the authorizer response for principalId.
//
// When both effect and resource are non-empty, the response carries a policy
// document with a single statement applying effect to the
// "execute-api:Invoke" action on resource. If either is empty, the response
// is returned without a policy document. The Context map is always populated
// with the sample values below.
func generatePolicy(principalId, effect, resource string) events.APIGatewayCustomAuthorizerResponse {
	resp := events.APIGatewayCustomAuthorizerResponse{
		PrincipalID: principalId,
		// Optional output with custom properties of the String, Number or
		// Boolean type. These are placeholder values for the example.
		// NOTE(review): in a real authorizer, put only values here that the
		// downstream integration is meant to see; confirm with the API owner.
		Context: map[string]interface{}{
			"stringKey":  "stringval",
			"numberKey":  123,
			"booleanKey": true,
		},
	}

	// Without both an effect and a resource there is nothing to grant or
	// deny, so the policy document is left at its zero value.
	if effect == "" || resource == "" {
		return resp
	}

	// The statement covers exactly the one resource passed in; it is not
	// widened to other methods or stages.
	stmt := events.IAMPolicyStatement{
		Action:   []string{"execute-api:Invoke"},
		Effect:   effect,
		Resource: []string{resource},
	}
	resp.PolicyDocument = events.APIGatewayCustomAuthorizerPolicy{
		Version:   "2012-10-17",
		Statement: []events.IAMPolicyStatement{stmt},
	}
	return resp
}
// handleRequest is the TOKEN authorizer handler. It lower-cases the
// client-supplied authorization token and maps it to an outcome:
//
//   - "allow": an Allow policy for principal "user" on event.MethodArn
//   - "deny": a Deny policy for principal "user" on event.MethodArn
//   - "unauthorized": the "Unauthorized" error (401 response)
//   - anything else: the "Error: Invalid token" error
//
// NOTE(review): the fixed-word comparison is for demonstration only. A
// production authorizer would verify a real credential (for example the
// signature and expiry of a signed token) and would not case-fold it before
// comparing.
//
// NOTE(review): the returned policy names only the method ARN of the current
// request. If authorizer result caching is enabled on the API, confirm that a
// cached policy scoped this narrowly is what the other methods should get.
func handleRequest(ctx context.Context, event events.APIGatewayCustomAuthorizerRequest) (events.APIGatewayCustomAuthorizerResponse, error) {
	// Zero-value response returned alongside every error.
	var none events.APIGatewayCustomAuthorizerResponse

	normalized := strings.ToLower(event.AuthorizationToken)

	if normalized == "allow" {
		return generatePolicy("user", "Allow", event.MethodArn), nil
	}
	if normalized == "deny" {
		return generatePolicy("user", "Deny", event.MethodArn), nil
	}
	if normalized == "unauthorized" {
		// Return a 401 Unauthorized response. The error text is kept
		// exactly as written, capital letter included.
		return none, errors.New("Unauthorized")
	}

	// Every unrecognised token, including an empty one, fails closed here.
	return none, errors.New("Error: Invalid token")
}
// main registers handleRequest with the Lambda runtime via lambda.Start.
func main() {
	handler := handleRequest
	lambda.Start(handler)
}