quambo quambo - 3 months ago 73x
Node.js Question

Access user data in AWS lambda function with custom authorizer

I got a nodeJS lambda function which returns database data and I'd like to filter that data based on the user. I created a custom authorizer lambda function which gets the user for a JWT token, but I couldn't find a way to pass data from the authorizer function to the database function, except for principalId (user.id).

What possibilities do I have here? Do I need to setup cognito? Or is there another possibility?


It seems you have a couple of options.

1) You can place all the information about the user you need into the principal id that is set in the custom authorizer function. So maybe you could serialize the user as json or if you need just a couple of ids then concatenate them together with special character like: principalId: "userId|organizationId". I believe that there is some caching that API Gateway does around that principal id that is returned so I wouldn't make it anything that could be highly dynamic. You could also turn off caching for authorization as well, but that would slow down that endpoint as a result.

2) Just pass the user id and do the user lookup again to get all the information in the function that does the database call. If you're using DynamoDB it will be fast supposedly.

And Cognito seems nice but I don't think it will help you solve the particular problem that you're having now. If it was me though I would choose option 2.