serverless-application-model icon indicating copy to clipboard operation
serverless-application-model copied to clipboard

Published 20 hours ago verified publisher icon aws

Api Authorizer must specify at least one identity even authorization caching is disabled

Open respire opened this issue 4 years ago • 7 comments

Description

I want to create a request authorizer which performs authentication if Authorization is existed in header. However, when i try to run sam deploy, it occured an error.

Authorizer must specify Identity with at least one of Headers, QueryStrings, StageVariables, or Context

but the official api docs said (identitySource)

When the authorization caching is not enabled, this property is optional.

https://docs.aws.amazon.com/apigateway/api-reference/resource/authorizer/

so I set ReauthorizeEvery to zero so as to disable caching, but it has no effect.

Steps to reproduce

Auth:
      Authorizers:
        MyRequestAuthorizer:
          FunctionPayloadType: REQUEST
          FunctionArn: !GetAtt MyRequestAuthorizerFunction.Arn
          Identity:
            ReauthorizeEvery: 0

Observed result

Authorizer must specify Identity with at least one of Headers, QueryStrings, StageVariables, or Context

Expected result

should be able to create a request authorizer with empty identitySource when caching is disabled noted that i can remove all the identitySources under api gateway dashboard.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

SAM CLI, version 0.44.0 macos 10.15.3

respire avatar Mar 11 '20 10:03 respire

I am running into this issue as well. Did you ever get a workaround besides using the console?

Elliot128 avatar Apr 09 '20 15:04 Elliot128

PR #1577 opened for fixing this issue.

daftster avatar Feb 24 '21 23:02 daftster

PR got merged

moelasmar avatar Apr 06 '21 19:04 moelasmar

Released in 1.3.6 and CLI 1.24.0

mgrandis avatar Jun 02 '21 22:06 mgrandis

Re-opening. The original PR was reverted due to service impact when ReauthorizeEvery is an intrinsic function.

jfuss avatar Jun 04 '21 21:06 jfuss

Still seeing the same problem. Any future plan on this one?

sukruavcuoglu avatar Jun 29 '21 09:06 sukruavcuoglu

Any update on this?

parkar10 avatar Aug 22 '22 19:08 parkar10

For what it's worth, I just experienced this error when I specified only:

      Auth:
        Authorizers:
          PPAuthorizer:
            FunctionArn: !Ref AuthorizerArnParam
            FunctionPayloadType: REQUEST

But the error went away when I:

Auth:
        Authorizers:
          PPAuthorizer:
            FunctionArn: !Ref AuthorizerArnParam
            FunctionPayloadType: REQUEST
            Identity:
              ReauthorizeEvery: 0

I see that #2105 was merged July 2021, which reverted the revert and adds the original fix in a way that works with intrinsic functions.

All said, does that mean this issue can be closed @jfuss ?

tunesmith avatar Oct 25 '22 17:10 tunesmith