Lambda Authorizer
A Lambda Authorizer configured like in the Authorizer guide can help integrate Supertokens with an AppSync service.
1. Set up the AppSync service
Set up the AppSync service with an API key authorization. For more details, please see the AWS documentation.
2. Configure the API Gateway with the authorizer
Follow the Authorizer guide to set up the API Gateway with the /auth
, and /graphql
resources set up. /auth
should be pointed to a lambda that handles the auth APIs.
When setting up the POST method on /graphql
, you should use the following settings:
- Integration type: AWS service
- AWS Region: the region of the AppSync service
- AWS Service: AppSync Data Plane
- AWS Subdomain: the part of the domain of the GraphQL service before
.appsync-api.
- HTTP method: POST
- Action type: Use path override
- Path override:
/graphql
- Execution role: the ARN of an execution role that is authorized to call the AppSync service (e.g.:
AWSAppSyncInvokeFullAccess
)
3. Set up the integration headers
Configure the "Integration Request" of the /graphql
POST method.
- Add
HTTP Header
mappings:- "x-api-key": The API key of the App Sync service, wrapped in single quotes.
- "x-user-id":
context.authorizer.principalId
, without quotes.
4. Consume the context in resolvers
You can access the headers you mapped above in resolvers through the context. (e.g., $context.request.headers.custom) For more information, please see the resolver context docs.