AWS Custom Authorize .Net Core 中的无效 Json
Invalid Json in AWS Custom Authorize .Net Core
我已经在 .net 核心中为 AWS 构建了一个自定义授权器。从 API 网关控制台对其进行测试时,我收到带有此错误的 ResponseCode 500。
Execution log for request 0566bf99-cfb5-11e8-b203-65db1a667292
Sun Oct 14 13:28:22 UTC 2018 : Starting authorizer: i07xnl for request: 0566bf99-cfb5-11e8-b203-65db1a667292
Sun Oct 14 13:28:22 UTC 2018 : Incoming identity: **ds
Sun Oct 14 13:28:22 UTC 2018 : Endpoint request URI: https://lambda.us-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-west-2:278483347755:function:GetPolicy/invocations
Sun Oct 14 13:28:22 UTC 2018 : Endpoint request headers: {x-amzn-lambda-integration-tag=0566bf99-cfb5-11e8-b203-65db1a667292, Authorization=************************************************************************************************************************************************************************************************************************************************************************************************************************4e3e8c, X-Amz-Date=20181014T132822Z, x-amzn-apigateway-api-id=k8ate5przg, X-Amz-Source-Arn=arn:aws:execute-api:us-west-2:278483347755:k8ate5przg/authorizers/i07xnl, Accept=application/json, User-Agent=AmazonAPIGateway_k8ate5przg, X-Amz-Security-Token=FQoGZXIvYXdzEA0aDBDj/T/Y58E+lkgRcyK3A5EXzDygzB0DzIFN36D/LMM0uCMn70NDKnpualhTEKEe8Zj/a6/nSFVwDSmQty8r2b/ezWcJoQCQztPHDiTFFu7I/4vvoGuH6P3REduQn8knZGVkBAOFTi/EIcnLNBoWjWQXrO8BszGKdoykJ3BrTIq+2dbyfOUdIcmCwGGyC/UzGn5B+fkNcSJT94yfemVcfEiuncnx6snRekDYzRZWXW1+ZzxPoMINpykNTYbKCnG5pNzPF7j2xxH7zyfYtmsVaMaq5zBGqT3eGzUonM4k/7FIRwOB6SxRUIHrO/fboa3QW+z7+iQEtqWg7DDO [TRUNCATED]
Sun Oct 14 13:28:22 UTC 2018 : Endpoint request body after transformations: {"type":"TOKEN","methodArn":"arn:aws:execute-api:us-west-2:278483347755:k8ate5przg/ESTestInvoke-stage/GET/","authorizationToken":"sdds"}
Sun Oct 14 13:28:22 UTC 2018 : Sending request to https://lambda.us-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-west-2:278483347755:function:GetPolicy/invocations
Sun Oct 14 13:28:24 UTC 2018 : Authorizer result body before parsing: {"Version":"10/14/18","Statement":[{"Effect":"Allow","Action":["apigateway: POST"],"Resource":["arn:aws:lambda:us-west-2:278483347755:function:GetPolicy"]}]}
Sun Oct 14 13:28:24 UTC 2018 : Execution failed due to configuration error: Invalid JSON in response: {"Version":"10/14/18","Statement":[{"Effect":"Allow","Action":["apigateway: POST"],"Resource":["arn:aws:lambda:us-west-2:278483347755:function:GetPolicy"]}]}
Sun Oct 14 13:28:24 UTC 2018 : AuthorizerConfigurationException
无效的Json是这样的:
{
"Version": "10/14/18",
"Statement": [{
"Effect": "Allow",
"Action": ["apigateway: POST"],
"Resource": ["arn:aws:lambda:us-west-2:278483347755:function:GetPolicy"]
}]
}
对我来说这似乎还可以。在这里,Action 值取自 AWS 文档,Resource 是我的自定义授权方 lambda 方法的 ARN。
自定义授权 lambda 的响应不正确。
您可以在此处查看完整的详细信息 (https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html),但是对于您的示例,您需要 return:
{
"principalId": "user",
"policyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "execute-api:Invoke",
"Effect": "Allow",
"Resource": "arn:aws:execute-api:us-west-2:278483347755:k8ate5przg/ESTestInvoke-stage/GET/"
}
]
}
}
具体来说,您需要将策略嵌套在 policyDocument 密钥中,并且您授予的权限是 而不是 以便能够 POST API 网关,但允许调用网关后面的功能。
我已经在 .net 核心中为 AWS 构建了一个自定义授权器。从 API 网关控制台对其进行测试时,我收到带有此错误的 ResponseCode 500。
Execution log for request 0566bf99-cfb5-11e8-b203-65db1a667292
Sun Oct 14 13:28:22 UTC 2018 : Starting authorizer: i07xnl for request: 0566bf99-cfb5-11e8-b203-65db1a667292
Sun Oct 14 13:28:22 UTC 2018 : Incoming identity: **ds
Sun Oct 14 13:28:22 UTC 2018 : Endpoint request URI: https://lambda.us-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-west-2:278483347755:function:GetPolicy/invocations
Sun Oct 14 13:28:22 UTC 2018 : Endpoint request headers: {x-amzn-lambda-integration-tag=0566bf99-cfb5-11e8-b203-65db1a667292, Authorization=************************************************************************************************************************************************************************************************************************************************************************************************************************4e3e8c, X-Amz-Date=20181014T132822Z, x-amzn-apigateway-api-id=k8ate5przg, X-Amz-Source-Arn=arn:aws:execute-api:us-west-2:278483347755:k8ate5przg/authorizers/i07xnl, Accept=application/json, User-Agent=AmazonAPIGateway_k8ate5przg, X-Amz-Security-Token=FQoGZXIvYXdzEA0aDBDj/T/Y58E+lkgRcyK3A5EXzDygzB0DzIFN36D/LMM0uCMn70NDKnpualhTEKEe8Zj/a6/nSFVwDSmQty8r2b/ezWcJoQCQztPHDiTFFu7I/4vvoGuH6P3REduQn8knZGVkBAOFTi/EIcnLNBoWjWQXrO8BszGKdoykJ3BrTIq+2dbyfOUdIcmCwGGyC/UzGn5B+fkNcSJT94yfemVcfEiuncnx6snRekDYzRZWXW1+ZzxPoMINpykNTYbKCnG5pNzPF7j2xxH7zyfYtmsVaMaq5zBGqT3eGzUonM4k/7FIRwOB6SxRUIHrO/fboa3QW+z7+iQEtqWg7DDO [TRUNCATED]
Sun Oct 14 13:28:22 UTC 2018 : Endpoint request body after transformations: {"type":"TOKEN","methodArn":"arn:aws:execute-api:us-west-2:278483347755:k8ate5przg/ESTestInvoke-stage/GET/","authorizationToken":"sdds"}
Sun Oct 14 13:28:22 UTC 2018 : Sending request to https://lambda.us-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-west-2:278483347755:function:GetPolicy/invocations
Sun Oct 14 13:28:24 UTC 2018 : Authorizer result body before parsing: {"Version":"10/14/18","Statement":[{"Effect":"Allow","Action":["apigateway: POST"],"Resource":["arn:aws:lambda:us-west-2:278483347755:function:GetPolicy"]}]}
Sun Oct 14 13:28:24 UTC 2018 : Execution failed due to configuration error: Invalid JSON in response: {"Version":"10/14/18","Statement":[{"Effect":"Allow","Action":["apigateway: POST"],"Resource":["arn:aws:lambda:us-west-2:278483347755:function:GetPolicy"]}]}
Sun Oct 14 13:28:24 UTC 2018 : AuthorizerConfigurationException
无效的Json是这样的:
{
"Version": "10/14/18",
"Statement": [{
"Effect": "Allow",
"Action": ["apigateway: POST"],
"Resource": ["arn:aws:lambda:us-west-2:278483347755:function:GetPolicy"]
}]
}
对我来说这似乎还可以。在这里,Action 值取自 AWS 文档,Resource 是我的自定义授权方 lambda 方法的 ARN。
自定义授权 lambda 的响应不正确。
您可以在此处查看完整的详细信息 (https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html),但是对于您的示例,您需要 return:
{
"principalId": "user",
"policyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "execute-api:Invoke",
"Effect": "Allow",
"Resource": "arn:aws:execute-api:us-west-2:278483347755:k8ate5przg/ESTestInvoke-stage/GET/"
}
]
}
}
具体来说,您需要将策略嵌套在 policyDocument 密钥中,并且您授予的权限是 而不是 以便能够 POST API 网关,但允许调用网关后面的功能。