Custom authorizer error not returned to client

akoutmos · October 10, 2019, 4:27pm

I am running into some issues when using a custom authorizer for my Serverless Framework endpoints.

I followed the docs listed here: https://serverless.com/framework/docs/providers/aws/events/apigateway/#http-endpoints-with-custom-authorizers and I am able to get my requests to go through if the user is authenticated and they are rejected if the token is invalid so all good there.

My issue is that, from my authorizer handler, I return return new Error('[401] Unauthorized') if the token is invalid, but that doesn’t seem to make its way to the client. As per the docs (https://serverless.com/framework/docs/providers/aws/events/apigateway/#using-status-codes) I would expect the client to receive a response of 401 but instead they get a 500 with a payload of {"message":null}.

Any help would be greatly appreciated. Thanks!

buggy · October 14, 2019, 9:28am

Those status codes only apply to Lambda’s handling requests from the API Gateway and not the custom authorizers. See https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html for an example of how to trigger a 401 response from a custom authorizer.

Topic		Replies	Views
Custom Lambda Authorizer returning blank error message Serverless Framework lambda , api-gateway	2	5108	January 8, 2020
Custom Authorizer returning Unauthorized - NotAnErrorType Serverless Framework aws , lambda , api-gateway	4	4724	June 24, 2020
[AWS] APIGateway returns 500 error when being used with a custom Lambda Authorizer Serverless Framework aws , lambda , api-gateway	1	5792	April 30, 2021
Custom Authorizer Serverless Framework aws	1	887	April 10, 2018
How to return custom error message from Authorizer Serverless Framework	0	257	May 6, 2024

Custom authorizer error not returned to client

Related topics