IoT / Client / test_invoke_authorizer



Tests a custom authorization behavior by invoking a specified custom authorizer. Use this to test and debug the custom authorization behavior of devices that connect to the IoT device gateway.

Requires permission to access the TestInvokeAuthorizer action.

See also: AWS API Documentation

Request Syntax

response = client.test_invoke_authorizer(
        'headers': {
            'string': 'string'
        'queryString': 'string'
        'username': 'string',
        'password': b'bytes',
        'clientId': 'string'
        'serverName': 'string'
  • authorizerName (string) –


    The custom authorizer name.

  • token (string) – The token returned by your custom authentication service.

  • tokenSignature (string) – The signature made with the token and your custom authentication service’s private key. This value must be Base-64-encoded.

  • httpContext (dict) –

    Specifies a test HTTP authorization request.

    • headers (dict) –

      The header keys and values in an HTTP authorization request.

      • (string) –

        • (string) –

    • queryString (string) –

      The query string keys and values in an HTTP authorization request.

  • mqttContext (dict) –

    Specifies a test MQTT authorization request.

    • username (string) –

      The value of the username key in an MQTT authorization request.

    • password (bytes) –

      The value of the password key in an MQTT authorization request.

    • clientId (string) –

      The value of the clientId key in an MQTT authorization request.

  • tlsContext (dict) –

    Specifies a test TLS authorization request.

    • serverName (string) –

      The value of the serverName key in a TLS authorization request.

Return type:



Response Syntax

    'isAuthenticated': True|False,
    'principalId': 'string',
    'policyDocuments': [
    'refreshAfterInSeconds': 123,
    'disconnectAfterInSeconds': 123

Response Structure

  • (dict) –

    • isAuthenticated (boolean) –

      True if the token is authenticated, otherwise false.

    • principalId (string) –

      The principal ID.

    • policyDocuments (list) –

      IAM policy documents.

      • (string) –

    • refreshAfterInSeconds (integer) –

      The number of seconds after which the temporary credentials are refreshed.

    • disconnectAfterInSeconds (integer) –

      The number of seconds after which the connection is terminated.


  • IoT.Client.exceptions.ResourceNotFoundException

  • IoT.Client.exceptions.InvalidRequestException

  • IoT.Client.exceptions.ThrottlingException

  • IoT.Client.exceptions.UnauthorizedException

  • IoT.Client.exceptions.ServiceUnavailableException

  • IoT.Client.exceptions.InternalFailureException

  • IoT.Client.exceptions.InvalidResponseException