serverless-offline icon indicating copy to clipboard operation
serverless-offline copied to clipboard
verified publisher icon dherault

feat: Sends authorizer request even if Identity Source value is not present in the request

Open duplow opened this issue 2 years ago • 3 comments

Description

To maintain compatibility with older versions of serverless-offline (< 8.0.0) this PR adds a default value of '' (empty string) when the identity source value is not sent in the request

Motivation and Context

When the identity source value is not provided in the request, a 401 error is triggered and the request is not sent to the authorizer. Different from what happens in production on AWS

✖ Identity Source is null for header authorization (λ: authorizer)

Related issues:

https://github.com/dherault/serverless-offline/issues/1638

How Has This Been Tested?

Integration tests + running locally

duplow avatar Sep 18 '23 21:09 duplow

any updates on this PR? I'm running into this exact problem. I tried this solution but it did not work. https://stackoverflow.com/questions/70035396/allow-guest-mode-no-authorization-in-custom-authorizer-in-aws

My use case is simple, I need "guest" access to a number of end-points behind an custom authorizer. I can handle the request in my code, but right now, the request fails ("✖ Identity Source is null for header authorization (λ: authorizerFunc)") before hitting my Authorizer function.

service: core-services
plugins:
  - serverless-plugin-optimize
  - serverless-offline

useDotenv: true
frameworkVersion: '3'

provider:
  name: aws
  runtime: nodejs20.x
  stage: dev
  region: us-east-2
  timeout: 10 # optional, in seconds, default is 6
  apiGateway:
    shouldStartNameWithService: true
  environment:
  httpApi:
    cors: true
    authorizers:
      authorizerFunc:
        type: request
        functionName: authorizerFunc
        resultTtlInSeconds: 0

functions:
  main:
    handler: dist/src/serverless.handler
    events:
      - httpApi:
          cors: true
          method: any
          path: '/v1/auth/{any+}'
      - httpApi:
          path: /{any+}
          method: any
          authorizer:
            name: authorizerFunc
  authorizerFunc:
    handler: dist/src/authorizer/auth.handler

jdhrivas avatar Mar 23 '24 17:03 jdhrivas

Hi, any news about this?

AWS is going to retire node16 for lambdas and at the moment, we have used serverless-offline:8.0.0 to workaround this issue but come June 2024, we have no choice but to upgrade to node 18, which then results into this error.

PierrickLozach avatar Apr 17 '24 09:04 PierrickLozach

Can someone take a look at this PR, doesn't look complicated and could solve the issue of a lot of people...

celadari avatar Apr 30 '24 16:04 celadari

@celadari @PierrickI3 @jdhrivas #1639 already fixes that. I even tested locally scenario described in #1638

We also have integration tests for this. They aren't exactly the same as described here, but I added:

identitySource: ""

and it passed image

DorianMazur avatar May 22 '24 19:05 DorianMazur