serverless-offline icon indicating copy to clipboard operation
serverless-offline copied to clipboard
verified publisher icon dherault

Cannot use basic http authorizer with httpApi

Open rdupz opened this issue 3 years ago • 1 comments

https://github.com/dherault/serverless-offline/blob/0f7ec23c0995efc9a74928ce40194cf6b06a6c66/src/events/http/HttpServer.js#L308

This should be

    if (!jwtSettings.authorizerName) {
      return null;
    }

so _configureAuthorization can be use instead of _configureJWTAuthorization.

Reproducer:

service: myservice
frameworkVersion: '3'


provider:
  name: aws
  runtime: nodejs14.x
  profile: default
  httpApi:
    authorizers:
      customAuthorizer:
        type: request
        functionName: customAuthorizer
        resultTtlInSeconds: 0
        identitySource: method.request.header.Authorization

functions:
  api:
    handler: handler.handler
    environment:
      AWS_SDK_LOAD_CONFIG: 1
    events:
      - httpApi:
          path: "/{path+}"
          method: "*"
          authorizer:
            name: customAuthorizer
            type: request
  customAuthorizer:
    handler: authorizer.handler

resources:
  Resources:
    GatewayResponse:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.WWW-Authenticate: "'Basic'"
        ResponseType: UNAUTHORIZED
        RestApiId:
          Ref: 'ApiGatewayRestApi'
        StatusCode: '401'

plugins:
  - serverless-offline

rdupz avatar Feb 25 '22 13:02 rdupz

#1311 related

rdupz avatar Feb 25 '22 13:02 rdupz