amazon-web-services - Invalid Json in AWS Custom Authorize .Net Core
问题描述
I have built a custom authorizer for AWS in .net core. When testing it from API Gateway Console I am receiving ResponseCode 500 with this error.
Execution log for request 0566bf99-cfb5-11e8-b203-65db1a667292
Sun Oct 14 13:28:22 UTC 2018 : Starting authorizer: i07xnl for request: 0566bf99-cfb5-11e8-b203-65db1a667292
Sun Oct 14 13:28:22 UTC 2018 : Incoming identity: **ds
Sun Oct 14 13:28:22 UTC 2018 : Endpoint request URI: https://lambda.us-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-west-2:278483347755:function:GetPolicy/invocations
Sun Oct 14 13:28:22 UTC 2018 : Endpoint request headers: {x-amzn-lambda-integration-tag=0566bf99-cfb5-11e8-b203-65db1a667292, Authorization=************************************************************************************************************************************************************************************************************************************************************************************************************************4e3e8c, X-Amz-Date=20181014T132822Z, x-amzn-apigateway-api-id=k8ate5przg, X-Amz-Source-Arn=arn:aws:execute-api:us-west-2:278483347755:k8ate5przg/authorizers/i07xnl, Accept=application/json, User-Agent=AmazonAPIGateway_k8ate5przg, X-Amz-Security-Token=FQoGZXIvYXdzEA0aDBDj/T/Y58E+lkgRcyK3A5EXzDygzB0DzIFN36D/LMM0uCMn70NDKnpualhTEKEe8Zj/a6/nSFVwDSmQty8r2b/ezWcJoQCQztPHDiTFFu7I/4vvoGuH6P3REduQn8knZGVkBAOFTi/EIcnLNBoWjWQXrO8BszGKdoykJ3BrTIq+2dbyfOUdIcmCwGGyC/UzGn5B+fkNcSJT94yfemVcfEiuncnx6snRekDYzRZWXW1+ZzxPoMINpykNTYbKCnG5pNzPF7j2xxH7zyfYtmsVaMaq5zBGqT3eGzUonM4k/7FIRwOB6SxRUIHrO/fboa3QW+z7+iQEtqWg7DDO [TRUNCATED]
Sun Oct 14 13:28:22 UTC 2018 : Endpoint request body after transformations: {"type":"TOKEN","methodArn":"arn:aws:execute-api:us-west-2:278483347755:k8ate5przg/ESTestInvoke-stage/GET/","authorizationToken":"sdds"}
Sun Oct 14 13:28:22 UTC 2018 : Sending request to https://lambda.us-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-west-2:278483347755:function:GetPolicy/invocations
Sun Oct 14 13:28:24 UTC 2018 : Authorizer result body before parsing: {"Version":"10/14/18","Statement":[{"Effect":"Allow","Action":["apigateway: POST"],"Resource":["arn:aws:lambda:us-west-2:278483347755:function:GetPolicy"]}]}
Sun Oct 14 13:28:24 UTC 2018 : Execution failed due to configuration error: Invalid JSON in response: {"Version":"10/14/18","Statement":[{"Effect":"Allow","Action":["apigateway: POST"],"Resource":["arn:aws:lambda:us-west-2:278483347755:function:GetPolicy"]}]}
Sun Oct 14 13:28:24 UTC 2018 : AuthorizerConfigurationException
The Invalid Json is this:
{
"Version": "10/14/18",
"Statement": [{
"Effect": "Allow",
"Action": ["apigateway: POST"],
"Resource": ["arn:aws:lambda:us-west-2:278483347755:function:GetPolicy"]
}]
}
To me this seems Okay. Here, Action value is taken from AWS documentation and Resource is the ARN for my custom authorizer lambda method.
解决方案
对于自定义授权 lambda,响应不正确。
您可以在此处查看完整的详细信息(https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html),但是对于您的示例,您需要返回:
{
"principalId": "user",
"policyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "execute-api:Invoke",
"Effect": "Allow",
"Resource": "arn:aws:execute-api:us-west-2:278483347755:k8ate5przg/ESTestInvoke-stage/GET/"
}
]
}
}
具体来说,您需要将您的策略嵌套在一个policyDocument
键中,并且您授予的权限不是能够POST
访问 API 网关,而是允许调用网关后面的功能。
推荐阅读
- applescript - Xcode11 和 Catalina 中的 AppleScript
- django - 搜索标记传单地图
- azure - 日常导入导出 Azure SQL 数据库
- android - 链接资源丢失错误将 androidx 首选项从 1.0.0 更新到 1.1.0
- java - 无法从 GAE 的 java 邮件 APi 发送邮件
- git - 我可以在提交到 git 之前进行分支吗?
- python - 手动运行 sendgrid 脚本,但在 crontab 下运行时失败
- python-3.x - Nginx + uWSGI + django NoModuleFoundError: No module named 'saleor'
- ubuntu - 在 ubuntu 上为 gtkmm 和 gtk+ 配置 eclipse
- c# - 将字符串转换为 Aspose.Cells.Name