Lambda needs Requester IP address

Looking into enabling an AWS Lambda function, reachable via an AWS API gateway, to auth via Okta. The lambda must have access to the IP address of the caller. Once an Application has been defined for the lambda in Okta, I think the following would work:

  1. client (requester) calls the URL that reaches lambda
  2. lambda sees that client not authenticated, responds with a redirect to okta
  3. client automatically redirects to okta, user logs in
  4. okta redirects client to the lambda, but this time there is a token so the lambda is happy
  5. lambda uses the event source IP: my understanding is that this will be the client WAN IP, not the okta server IP
  6. lambda does its work using this source IP, and sends http response

Did I get anything wrong?