A very simple custom authoriser.
const yourAuthorizationLogic = require('./yourAuthorizationLogic');

// Build the authoriser response API Gateway expects: a principal, an IAM
// policy for execute-api:Invoke, and an optional context map.
const generateIamPolicy = (principalId, Effect, Resource, context) => ({
  principalId,
  policyDocument: {
    Version: '2012-10-17',
    Statement: [{ Action: 'execute-api:Invoke', Effect, Resource }],
  },
  // API Gateway accepts only string, number and boolean context values
  // (no nested objects or arrays).
  context,
});

const auth = (event, context, callback) => {
  const { methodArn, authorizationToken } = event;
  // Log the target method only: the event carries the caller's token.
  console.debug(`Attempting auth for ${methodArn}`);
  return yourAuthorizationLogic(authorizationToken)
    .then((user /* = { id, someContext, someMoreContext, ... } */) => {
      console.info(`Authorized ${user.id} for ${methodArn}`);
      return callback(null, generateIamPolicy(user.id, 'Allow', methodArn, user));
      // alternatively you can return a 403 using:
      // callback(null, generateIamPolicy('user', 'Deny', methodArn));
    })
    .catch((error) => {
      if (!error) {
        return callback('Unauthorized'); // 401.
      }
      // JSON.stringify(new Error(...)) yields '{}', so log the message instead.
      console.error(`Unable to authorise because of: ${error.message || error}`);
      return callback('Server Error'); // 500.
    });
};

module.exports = { auth };