Skip to main content

Lambda Authorizer

A Lambda Authorizer configured like in the Authorizer guide can help integrate Supertokens with an AppSync service.

1) Set up the AppSync service#

Set up the AppSync service with an API key authorization. For more details, please see the AWS documentation.

2) Configure the API Gateway with the authorizer#

Follow the Authorizer guide to set up the API Gateway with the /auth, and /graphql resources set up. /auth should be pointed to a lambda that handles the auth APIs as shown here.

When setting up the POST method on /graphql, you should use the following settings:

  • Integration type: AWS service
  • AWS Region: the region of the AppSync service
  • AWS Service: AppSync Data Plane
  • AWS Subdomain: the part of the domain of the GraphQL service before .appsync-api.
  • HTTP method: POST
  • Action type: Use path override
  • Path override: /graphql
  • Execution role: the ARN of an execution role that is authorized to call the AppSync service (e.g.: AWSAppSyncInvokeFullAccess)

3) Set up the integration headers#

Configure the "Integration Request" of the /graphql POST method.

  • Add HTTP Header mappings:
    • "x-api-key": The API key of the App Sync service, wrapped in single quotes.
    • "x-user-id": context.authorizer.principalId, without quotes.

4) Consume the context in resolvers#

You can access the headers you mapped above in resolvers through the context. (e.g., $context.request.headers.custom) For more information, please see the resolver context docs.

Which frontend SDK do you use?
supertokens-web-js / mobile
supertokens-auth-react