CORS issue with JWT based authoriser

I am facing CORS issue when authoriser invalidate token, I guess because lack of header “Access-Control-Allow-Credentials”.

  1. How can i resolve this issue?
  2. how can i add custom headers in authorizer response?
  3. Can i add custom message in authrizer response?

Authorizer code is below :

function generateAuthResponse(principalId, effect, methodArn) {
const policyDocument = generatePolicyDocument(effect, methodArn);
console.log(‘8 - generateAuthResposne’, principalId)

return {





function generatePolicyDocument(effect, methodArn) {

if (!effect || !methodArn) return null;

const policyDocument = {

Version: "2012-10-17",

Statement: [


    Action: "execute-api:Invoke",

    Effect: effect,

    Resource: methodArn




return policyDocument;


module.exports.handler = async function verifyToken(event, context, callback) {
const token = event.authorizationToken;
const methodArn = event.methodArn;
if (!token || !methodArn) return callback(null, “Unauthorized”);
try {
const user = await getUserFromToken(token) // call token func
if (user && user.userId) {
return callback(null, generateAuthResponse(user.userId, “Allow”, methodArn));
} else {
return callback(null, generateAuthResponse(‘Inalid user’, “Deny”, methodArn));
} catch(error) {
return callback(null, generateAuthResponse(error.message, “Deny”, methodArn));



I have observed that my request doesn’t reach upto api gateway until 5 minutes passes from first request, event though i have disabled Authorizer Cache, which was set for 5 minutes.
Any solutions.