API Gateway custom authorizer caching problems


Hi guys, I did the implementation to use a custom authorizer for API Gateway, and I was testing with the policy

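    // Authorizer response (userId and event come from the handler)
    const authResponse = {
      principalId: userId,
      policyDocument: {
        Version: '2012-10-17',
        Statement: [
          {
            Action: 'execute-api:Invoke',
            Effect: 'Allow',
            Resource: event.methodArn,
          },
        ],
      },
    };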

and it was working. Then I forced an error to switch the effect to Deny, but now all the requests are returning Unauthorized.

I see that it is not even calling the authorizer function anymore.

Is this cached?
How do I make it work again?




There are 2 resolutions.

  1. return the entire security policy for the user for all endpoints of your api.
  2. don’t cache the policy.

I prefer #2 myself and you can do it in your serverless.yml where you define your function(s).

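    functions:
      jwtAuth:
        handler: auth/jwt.handler
      doSomething: # placeholder function name
        handler: myCode.doSomething
        events:
          - http:
              path: /dosomething
              method: post
              cors: true
              authorizer:
                name: jwtAuth
                resultTtlInSeconds: 0 # disable authorizer result caching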

The key bit being resultTtlInSeconds: 0

Hope this helps.
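
Resolution 1 from the answer above, as an added example that is not part of the original thread: API Gateway caches the returned policy per token and reuses it for other methods behind the same authorizer, so the policy should list every route the caller may use rather than only `event.methodArn`. The role table, route paths and the `permits` helper (a simplified stand-in for policy evaluation) are assumptions made for illustration.

```javascript
// Added example, not the poster's code. The roles and routes below are
// constructed; replace them with your own permission lookup.
const ROUTES_BY_ROLE = new Map([
  ['user', [['POST', 'dosomething'], ['GET', 'items/*']]],
  ['admin', [['*', '*']]],
]);

// methodArn: arn:aws:execute-api:<region>:<account>:<apiId>/<stage>/<verb>/<path>
function apiBase(methodArn) {
  const [arn, stage] = methodArn.split('/');
  if (!arn || !stage) throw new Error('unexpected methodArn: ' + methodArn);
  return `${arn}/${stage}`;
}

// Policy listing every route the role may call, so a cached copy is still
// correct when the same token is presented on another method or path.
function buildPolicy(principalId, role, methodArn) {
  const base = apiBase(methodArn);
  const routes = ROUTES_BY_ROLE.get(role);
  const grant = routes
    ? { Effect: 'Allow', Resource: routes.map(([verb, path]) => `${base}/${verb}/${path}`) }
    : { Effect: 'Deny', Resource: [`${base}/*/*`] }; // unknown role: explicit deny
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', ...grant }],
    },
  };
}

// Simplified stand-in for matching a cached policy against a later request:
// '*' matches any characters, an explicit Deny wins, no match means deny.
function permits(policy, methodArn) {
  const toRegex = (pattern) => new RegExp('^' + pattern.split('*')
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('.*') + '$');
  let allowed = false;
  for (const stmt of policy.policyDocument.Statement) {
    const match = [].concat(stmt.Resource).some((r) => toRegex(r).test(methodArn));
    if (!match) continue;
    if (stmt.Effect === 'Deny') return false;
    allowed = true;
  }
  return allowed;
}
```

With a policy built this way the cache TTL can stay above 0, at the cost that a permission change only takes effect once the cached entry expires.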