I am facing an issue while setting up a Kong Service which connects to an AWS Lambda function using the AWS Lambda plugin on Kong. Before making the call to Lambda, I want the requests to be authenticated with the OAuth2.0 and ApiKey plugins. I have created an anonymous consumer and added a request termination plugin on it which returns a 401 error. I have added the anonymous ID to both the auth plugins (ApiKey and OAuth2.0), but the requests hit the lambda function even when I don’t send any api key or oauth2.0 tokens. Am I missing something?
As you have config.anonymous set on both auth plugins, authentication can be bypassed and the request will be considered as coming from the anonymous user.
To force the user to provide at least one authentication (either oauth2 access_token or apikey), you can enable the request termination plugin on the anonymous consumer.
I have set the request termination plugin on the anonymous consumer, but the request is still hitting the lambda function. When I remove the lambda function, it works!
I want the lambda function to be hit only if either apikey or oauth2 plugin authenticates the request.
I just realized the request termination plugin has lower priority than the lambda plugin. In this case I guess you can’t use the OR auth method in front of the lambda plugin in a native way.
You probably need to use Kong/priority-updater on GitHub (a tool to quickly create a plugin with an updated priority) to create a special request termination plugin with higher priority and use it on the consumer.
Hey thanks! That worked. Really appreciate the help and the quick response here.
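The ordering problem discussed in this thread, as a toy model added here for illustration (it is not code from any poster or from Kong). The priority numbers, the `kind` labels and the consumer name `alice` are assumptions; only the relative order of the plugins matters, so check `PRIORITY` in each plugin's handler for your Kong version.

```python
# Toy model of Kong's access phase (not Kong code). Priority values are
# assumed; the thread only states that request-termination ranks below aws-lambda.
ANON = "anonymous"

def run_access_phase(plugins, credentials):
    """credentials maps an auth plugin name to the consumer it identifies.
    Returns (status, names of the plugins that executed)."""
    consumer, executed = None, []
    # Plugins run in descending priority order.
    for p in sorted(plugins, key=lambda p: p["priority"], reverse=True):
        scope = p.get("consumer")
        if scope is not None and scope != consumer:
            continue  # consumer-scoped plugin does not apply to this request
        executed.append(p["name"])
        if p["kind"] == "auth":
            if consumer not in (None, ANON):
                continue  # an earlier auth plugin already identified a consumer
            # A valid credential yields a real consumer; otherwise
            # config.anonymous falls back to the anonymous consumer.
            consumer = credentials.get(p["name"], ANON)
        elif p["kind"] == "terminate":
            return 401, executed  # request-termination ends the request
        elif p["kind"] == "upstream":
            return 200, executed  # aws-lambda answers and ends the phase
    return 200, executed

def build(termination_priority):
    return [
        {"name": "oauth2", "priority": 1004, "kind": "auth"},
        {"name": "key-auth", "priority": 1003, "kind": "auth"},
        {"name": "aws-lambda", "priority": 750, "kind": "upstream"},
        # Scoped to the anonymous consumer, as in the thread.
        {"name": "request-termination", "priority": termination_priority,
         "kind": "terminate", "consumer": ANON},
    ]

STOCK = build(2)     # termination ranks below aws-lambda: never reached
RAISED = build(900)  # re-prioritised copy sits between auth and aws-lambda

if __name__ == "__main__":
    for label, cfg in (("stock", STOCK), ("raised", RAISED)):
        print(label, "no credentials:", run_access_phase(cfg, {}))
        print(label, "with api key  :", run_access_phase(cfg, {"key-auth": "alice"}))
```

After deploying a re-prioritised termination plugin, confirm the fix against the real proxy by checking that a request with no credentials returns 401 and that a request with only an API key or only an OAuth2 token still reaches the function.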