serverless-offline icon indicating copy to clipboard operation
serverless-offline copied to clipboard

Published 20 hours ago verified publisher icon dherault

Mocking Remote Authorizers broken since v13.x

Open tbehunin opened this issue 1 year ago • 2 comments
trafficstars

Bug Report

Current Behavior

From (at least) version 9.x up through 12.x, we were able to mock authorizers, based on what the readme currently says:

Remote authorizers

You are able to mock the response from remote authorizers by setting the environmental variable AUTHORIZER before running sls offline start

Example:

Unix: export AUTHORIZER='{"principalId": "123"}'

Windows: SET AUTHORIZER='{"principalId": "123"}'

Ever since 13.x was released, this fails to work.

Sample Code

  • file: serverless.yml
service: sls-playground

provider:
  name: aws
  runtime: nodejs16.x

custom:
  serverless-offline:
    httpPort: 4000
    websocketPort: 4001
    lambdaPort: 4002

functions:
  hello:
    handler: handler.hello
    events:
      - httpApi:
          path: /
          method: get

plugins:
  - serverless-offline
  • file: handler.js
exports.hello = async (event) => {
  return {
    statusCode: 200,
    body: JSON.stringify({
      message: "Go Serverless v4! Your function executed successfully!",
      event
    }),
  };
};

Run the following from a terminal window:

export AUTHORIZER='{"principalId":"123"}' && sls offline start

Expected behavior/code

The event.requestContext object should have an authorizer prop with what was set on the terminal:

    "requestContext": {
      "accountId": "offlineContext_accountId",
      "apiId": "offlineContext_apiId",
      "authorizer": {
        "principalId": "123"
      },

Environment

  • serverless version: 4.4.5
  • serverless-offline version: 12.0.4 WORKS, but anything after (13.x+, 14.x+) is broken
  • node.js version: 22.9.0
  • OS: macOS 15.0.1

Possible Solution

PR that introduced this feature: https://github.com/dherault/serverless-offline/pull/475

Additional context/Screenshots

tbehunin avatar Oct 14 '24 17:10 tbehunin

It may have been broken by https://github.com/dherault/serverless-offline/pull/1786. That PR removes the authorizer prop if no authorizer is configured for the endpoint. Downgrading to serverless-offline: "13.5.0" resolved it for me, at least for now.

cullylarson avatar Oct 31 '24 18:10 cullylarson

Using 13.5.0 also works for me to get the AUTHORIZER environment variable working, but it caps the version of Node that can be specified in the runtime to nodejs20.x

ericbisme avatar Mar 20 '25 00:03 ericbisme