We have a set of microservices running in an AWS/EKS/Istio environment. These are used by other services (not users).
I am trying to use the AWS API Gateway to protect them as per the tutorial here → Secure AWS API Gateway Endpoints Using Custom Authorizers
The standalone Lambda function works fine. Here is the output:
{
  "principalId": "jXNmQMqe896YQyROeih0L2IEWlXqBUiP@clients",
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow",
        "Resource": "arn:aws:execute-api:eu-central-1:482548117076:99fpylmfz8/*/GET/pets"
      }
    ]
  },
  "context": {}
}
However, when I'm testing the custom authorizer under the API GW pane, I get this error:
Execution log for request 0f605e1a-b4cb-4974-9040-b087d9188d9b
Thu May 06 03:30:13 UTC 2021 : Unauthorized request: 0f605e1a-b4cb-4974-9040-b087d9188d9b
Thu May 06 03:30:13 UTC 2021 : Unauthorized
I'm using the same token for both tests.
{
  "iss": "https://dev-odrhykch.eu.auth0.com/",
  "sub": "jXNmQMqe896YQyROeih0L2IEWlXqBUiP@clients",
  "aud": "api-gw-umapati",
  "iat": 1620271010,
  "exp": 1620357410,
  "azp": "jXNmQMqe896YQyROeih0L2IEWlXqBUiP",
  "gty": "client-credentials",
  "permissions": []
}
I did notice that the permission field is blank in the token. However, the API is protected using the below scope:
Assuming this is the cause of the issue, how do I get the permission updated in the access token? Since I am using the client ID/secret to get one, I am not sure how to go about assigning a role to this client ID.
Please advise.