Is there a way to use Basic authentication rather than AWS4-HMAC-SHA256 authentication with the AWS API Gateway Service? I need to support a system that only supports webhook calls with Basic Authentication.
Does AWS API Gateway Support Basic Authorization?
Asked Answered
When you say AWS API, are you referring to AWS API Gateway or AWS services such as S3? –
Genitourinary
Sorry, I meant AWS API Gateway. –
Chatoyant
You just need to modify the 401 Unauthorized response template so that it contains the WWW-Authenticate header set to 'Basic'. Apart from that, you'll need to create a custom authorizer that verifies that the provided credentials are correct. You can find more info here
Note: the linked resource has one bug in its authorizer code. On line 2, you'll need to change
event.headers.Authorization to event.headers.authorization (lowercase). –
Fiske This isn't a bug. He sets 'Authorization' with an uppercase 'A' under the identity sources when creating the authorizer in API-Gateway. –
Beseech
In fact, it is a bug. While they do use the uppercase when configuring the route (in accordance with the spec[0]), the ApiGateway or Lambda infrastructure lowercases the header for delivery in the event (in accordance with http/2[1]). [0] rfc-editor.org/rfc/rfc9110#field.authorization [1] rfc-editor.org/rfc/rfc7540#section-8.1.2 –
Disjoin
You can configure an API Gateway to support Basic auth, and API Gateway supports integrations with any AWS service.
Setting up Basic auth in API Gateway requires a few steps. Check this post and search down to BobK@AWS response: https://forums.aws.amazon.com/thread.jspa?messageID=799091&tstart=0
© 2022 - 2024 — McMap. All rights reserved.