Support for multi-argument authorizer functions and access tokens

You can now use multi-argument authorizer functions for authentication and authorization. A multi-argument authorizer function accepts a user-defined, multi-argument access token comprising one or more elements of a request.

Using a multi-argument (rather than a single-argument) authorizer function enables an API gateway to perform finer-grained, request-based authentication. A multi-argument authorizer function can query decision services and policy agents with attributes from the access token and with other request elements such as query parameters, hostname, and subdomain.

For more information, see Using Authorizer Functions to Add Authentication and Authorization to API Deployments.