I am working on Lambda authorization and I learned that there are generally two options.
Either use the default authorizer on the API Gateway level, which will do all the heavy lifting (validate the tokens), or write a custom authorizer, which will require me to implement all the logic including all the token validations, which I would like to avoid if possible. I don't want to write such code; I want to use something that is time-proven and tested.
My question is: is it considered secure to write code in my Lambda (e.g. a Python decorator) that will do authorization based on the data in the Lambda context.authorizer.claims, assuming of course that all I need is there (e.g. cognito:groups, cognito:username, etc.)?
Can I treat the authorizer data in the context as solid (i.e. it has passed the security validation)?
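The kind of decorator the question describes, as an added example that is not part of the original post. It assumes the REST API (v1) proxy event shape, where a Cognito user pool authorizer places the validated token claims at event["requestContext"]["authorizer"]["claims"]; the sample event, the group names and the handler are constructed for illustration. The decorator refuses any request that reaches the function without claims (which happens if a route is deployed without the authorizer attached), so the check never silently passes on an unauthenticated path. It also normalizes cognito:groups, which the authorizer delivers as a flattened string rather than a list; the exact formatting (comma-separated vs. bracketed) is an assumption, so both are accepted.

```python
import json
from functools import wraps

# Constructed sample event: the subset of the API Gateway REST API proxy event
# that an attached Cognito user pool authorizer populates after validating the
# caller's JWT. Only the fields the decorator reads are included.
SAMPLE_EVENT = {
    "httpMethod": "DELETE",
    "path": "/users/42",
    "requestContext": {
        "authorizer": {
            "claims": {
                "sub": "1b2c3d4e-0000-0000-0000-000000000000",
                "cognito:username": "alice",
                "cognito:groups": "Admins,Auditors",  # flattened by API Gateway (assumed format)
                "token_use": "id",
            }
        }
    },
}


def _response(status, body):
    """Build an API Gateway proxy-integration response."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def get_claims(event):
    """Return the authorizer claims dict, or None when the request did not pass
    through an authorizer at all (e.g. the route was deployed without one)."""
    request_context = event.get("requestContext") or {}
    authorizer = request_context.get("authorizer") or {}
    claims = authorizer.get("claims")
    return claims if isinstance(claims, dict) else None


def parse_groups(raw):
    """Normalize the cognito:groups claim into a set of group names.
    Assumption: it may arrive as a list, a comma-separated string ("A,B"),
    or a bracketed string ("[A B]"); a missing claim yields an empty set."""
    if raw is None:
        return set()
    if isinstance(raw, (list, tuple)):
        return {str(g).strip() for g in raw if str(g).strip()}
    text = str(raw).strip().strip("[]").replace(",", " ")
    return {part for part in text.split() if part}


def require_groups(*allowed):
    """Decorator: allow the handler to run only if the validated claims show
    membership in at least one of the given Cognito groups."""
    allowed_set = set(allowed)

    def decorator(handler):
        @wraps(handler)
        def wrapper(event, context):
            claims = get_claims(event)
            if claims is None:
                # Fail closed: no authorizer ran, so nothing here is trustworthy.
                return _response(401, {"message": "request did not pass an authorizer"})
            if not parse_groups(claims.get("cognito:groups")) & allowed_set:
                return _response(403, {"message": "forbidden"})
            return handler(event, context)

        return wrapper

    return decorator


@require_groups("Admins")
def delete_user(event, context):
    """Hypothetical protected handler; only Admins reach this body."""
    actor = get_claims(event).get("cognito:username")
    return _response(200, {"deleted": event.get("path"), "by": actor})


if __name__ == "__main__":
    print(delete_user(SAMPLE_EVENT, None))
```

The decorator only holds up if every path into the function goes through the authorizer: restrict lambda:InvokeFunction on the function's resource policy to that API (or stage), since a caller who can invoke the Lambda directly can supply any claims they like in the event.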