I tried using the Auth0 Serverless example, it is working very well for POST requests. I’m however running into the problem with a PUT request. This requires a dynamic path to be set. So i have done exactly that in the following way:
element-update:
handler: functions/elements/update.update
events:
- http:
path: element/{code}
method: put
integration: lambda
authorizer: auth # See custom authorizer docs here: http://bit.ly/2gXw9pO
cors:
origins:
- '*'
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
Now when the policy is generated, it seems to be getting a conflict because the dynamic parameter is in the methodArn, it seems to affect the resource. As a result im getting the following error:
User is not authorized to access this resource
Any ideas how to counter this problem? I tried adding a wildcard to the methodArn as following:
cb(null, generatePolicy(decoded.sub, 'Allow', event.methodArn+'*'));
But that does’nt seem to help.