Guides
  1. Advanced Workflows

Custom Lambda with Nomad Media Authorizer

How to build a custom AWS Lambda function that uses the Nomad Media Authorizer to receive authenticated user context from API Gateway.

API Gateways in your AWS account can use the existing Nomad Media Authorizer Lambda to secure custom routes. When a request passes authentication, the authorizer injects four Nomad Media-specific attributes into the Lambda event context.

For instructions on attaching the Nomad Media Authorizer to your API Gateway, see Nomad Media Authorizer Setup.

Authorizer Attributes

AttributeTypeValue
isAuthdBooleantrue if the user passed authorization; false otherwise
userIdGUIDThe unique Nomad Media user ID. This never changes, even if the user's email changes.
namestringThe first and last name of the user
emailstringThe email address of the user

HTTP API Gateway Sample

Use the following as a starting point for custom Lambdas behind an HTTP API Gateway:

exports.handler = async (event, context) => {
    console.log("=========== event ===================");
    console.log(JSON.stringify(event));

    try {
        let requestContextObject = event.requestContext;

        let isAuthd = requestContextObject.authorizer.lambda.isAuthd;
        let userId  = requestContextObject.authorizer.lambda.userId;
        let name    = requestContextObject.authorizer.lambda.name;
        let email   = requestContextObject.authorizer.lambda.email;

        console.log(`isAuthd Parameter: ${isAuthd}`);
        console.log(`userId Parameter: ${userId}`);
        console.log(`name Parameter: ${name}`);
        console.log(`email Parameter: ${email}`);

        return "OK";

    } catch (error) {
        console.log(`Error: ${error}`);
    }
};

Example output:

INFO isAuthd Parameter: true
INFO userId Parameter: 83f15ca3-7e5c-4232-b4c9-57f5333d618a
INFO name Parameter: Test Account
INFO email Parameter: [email protected]

REST API Gateway Sample

For custom Lambdas behind a REST API Gateway, the authorizer context is accessed differently:

exports.handler = async (event) => {

    let requestContextObject = event.requestContext;

    let isAuthd = requestContextObject.authorizer.isAuthd;
    let userId  = requestContextObject.authorizer.userId;
    let name    = requestContextObject.authorizer.name;
    let email   = requestContextObject.authorizer.email;

    console.log(`isAuthd Parameter: ${isAuthd}`);
    console.log(`userId Parameter: ${userId}`);
    console.log(`name Parameter: ${name}`);
    console.log(`email Parameter: ${email}`);

    let responseBody = {
        message: "OK"
    };

    let response = {
        statusCode: 200,
        body: JSON.stringify(responseBody)
    };

    return response;
};

The key difference between HTTP and REST API Gateway: HTTP uses authorizer.lambda.* while REST uses authorizer.* directly on the request context.