I have a variation of the Auth0 example and am getting the following 500 error when attempting to hit the private endpoint on AWS (hidden by CORS errors, like others I’ve read about):
AuthorizerConfigurationException
My YAML file is only slightly different to the original, adding in a couple of environment variables.
service: aws-auth0-protected-endpoints
provider:
  name: aws
  runtime: nodejs4.3
functions:
  auth:
    handler: handler.auth
    environment:
      authId : ${file(env.yml):authId };
      authSecret: ${file(env.yml):authSecret };
  publicEndpoint:
    handler: handler.publicEndpoint
    events:
      - http:
          path: api/public
          method: get
          integration: lambda
          cors: true
  privateEndpoint:
    handler: handler.privateEndpoint
    events:
      - http:
          path: api/private
          method: get
          integration: lambda
          authorizer: auth
          cors:
            origins:
              - '*'
            headers:
              - Content-Type
              - X-Amz-Date
              - Authorization
              - X-Api-Key
              - X-Amz-Security-Token
The auth is pretty much the same too:
module.exports.auth = (event, context, cb) => {
  if (event.authorizationToken) {
    // remove "bearer " from token
    const token = event.authorizationToken.substring(7);
    const options = {
      audience: AUTH0_CLIENT_ID,
    };
    jwt.verify(token, AUTH0_CLIENT_SECRET, options, (err, decoded) => {
      if (err) {
        console.log('Unauthorized:> ' + err);
        cb('Unauthorized');
      } else {
        console.log('Authorized:> ' + decoded.sub);
        cb(null, generatePolicy(decoded.sub, 'Allow', event.methodArn));
      }
    });
  } else {
    cb('Unauthorized');
  }
};
CloudWatch logs show my call does actually get through the auth function, but it doesn’t then call the private function.
Another mystifying thing is that the environment keys get given an additional semi-colon on upload. I need to keep going in and deleting it.
Any help on this would be great.
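
An added example, not part of the original post: in the YAML above the `;` after each `${file(env.yml):... }` is part of the YAML scalar, so it is deployed as part of the value. The sketch below uses Node's built-in `crypto` in place of the post's `jwt` library to show what such a value does to an HS256 signature and audience check; all names and sample values are constructed for illustration.

```javascript
const crypto = require('crypto');

const b64url = (buf) => buf.toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64url = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Builds a token for the demo only (constructed sample, not a real Auth0 token).
function signHs256(claims, secret) {
  const head = b64url(Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })));
  const body = b64url(Buffer.from(JSON.stringify(claims)));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Returns the claims or throws: signature, expiry and audience are all checked.
function verifyHs256(token, secret, audience) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(fromB64url(parts[0]).toString('utf8'));
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  const given = fromB64url(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const claims = JSON.parse(fromB64url(parts[1]).toString('utf8'));
  if (claims.exp && claims.exp < Date.now() / 1000) throw new Error('token expired');
  if (claims.aud !== audience) throw new Error('audience mismatch');
  return claims;
}

// Heuristic: names the keys whose value is missing or ends in ';' or whitespace.
function findSuspectEnv(env, keys) {
  return keys.filter((k) => !env[k] || /[;\s]$/.test(env[k]));
}

function demo() {
  const secret = 'constructed-secret';
  const clientId = 'constructed-client-id';
  const token = signHs256({ sub: 'user|1', aud: clientId }, secret);
  const outcome = (s, a) => {
    try { return verifyHs256(token, s, a).sub; } catch (e) { return e.message; }
  };
  return {
    clean: outcome(secret, clientId),
    secretWithSemicolon: outcome(secret + ';', clientId),
    audienceWithSemicolon: outcome(secret, clientId + ';'),
    suspect: findSuspectEnv({ authId: clientId + ';', authSecret: secret }, ['authId', 'authSecret']),
  };
}
```

Calling `findSuspectEnv(process.env, ['authId', 'authSecret'])` when the authorizer starts up surfaces a stray character in the logs before any token is checked.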