AWS API网关:由于configuration错误而导致执行失败:响应中的JSON无效

我有一个调用Lambda函数的自定义授权者的API网关设置。 为了testing的目的,我从这里复制了这个例子: http : //docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-as-simple-proxy-for-lambda.html#api-网关代理集成-λ-function的NodeJS

我得到的文件相同的答案,但是当我testing授权者,我得到这个堆栈跟踪:

Endpoint request body after transformations: {"type":"TOKEN","authorizationToken":"test","methodArn":"arn:aws:execute-api:ap-southeast-2:893445519708:uyue0zqh15/null/GET/"} Authorizer result body before parsing: {"statusCode":200,"headers":{"x-custom-header":"my custom header value"},"body":"{\"message\":\"Hello World!\",\"input\":{\"type\":\"TOKEN\",\"authorizationToken\":\"test\",\"methodArn\":\"arn:aws:execute-api:ap-southeast-2:893445519708:uyue0zqh15/null/GET/\"}}"} Execution failed due to configuration error: Invalid JSON in response: {"statusCode":200,"headers":{"x-custom-header":"my custom header value"},"body":"{\"message\":\"Hello World!\",\"input\":{\"type\":\"TOKEN\",\"authorizationToken\":\"test\",\"methodArn\":\"arn:aws:execute-api:ap-southeast-2:893445519708:uyue0zqh15/null/GET/\"}}"} AuthorizerConfigurationException 

为什么授权人不喜欢JSON响应?

授权人响应格式与集成代理响应格式不同。 我可以看到这是混乱!

自定义授权者的输出应符合以下格式:

 { "principalId": "yyyyyyyy", // The principal user identification associated with the token sent by the client. "policyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": "execute-api:Invoke", "Effect": "Allow|Deny", "Resource": "arn:aws:execute-api:<regionId>:<accountId>:<appId>/<stage>/<httpVerb>/[<resource>/<httpVerb>/[...]]" } ] }, "context": { "key": "value", "numKey": 1, "boolKey": true } } 

principalIdpolicyDocument是必需的, context是可选的。

更新:

policyDocument不是用户定义的,它与在API网关操作和资源上运行的常规IAM策略的语法相同http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access -使用- IAM-政策对调用-api.html

在Lambda Web控制台中,对于python和node中的授权程序也有很好的蓝图,这里有一个Java蓝图: https : //github.com/awslabs/aws-apigateway-lambda-authorizer-blueprints