Custom authorizer error not returned to client

I am running into some issues when using a custom authorizer for my Serverless Framework endpoints.

I followed the docs listed here: https://serverless.com/framework/docs/providers/aws/events/apigateway/#http-endpoints-with-custom-authorizers and I am able to get my requests to go through if the user is authenticated, and they are rejected if the token is invalid, so all good there.

My issue is that, from my authorizer handler, I return return new Error('[401] Unauthorized') if the token is invalid, but that doesn’t seem to make its way to the client. As per the docs (https://serverless.com/framework/docs/providers/aws/events/apigateway/#using-status-codes) I would expect the client to receive a response of 401 but instead they get a 500 with a payload of {"message":null}.

Any help would be greatly appreciated. Thanks!

Those status codes only apply to Lambdas handling requests from the API Gateway and not the custom authorizers. See https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html for an example of how to trigger a 401 response from a custom authorizer.
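
Added example, not part of the reply above and not code from the Serverless or AWS docs: a Node.js TOKEN-type authorizer showing the three outcomes API Gateway distinguishes (401, 403, allowed). The token table and the `verifyToken` helper are constructed stand-ins for real token verification.

```javascript
// Constructed sample data: stand-in for real token verification (e.g. a JWT library).
const SAMPLE_TOKENS = {
  'token-alice': { sub: 'alice', active: true },
  'token-bob': { sub: 'bob', active: false },
};

// Hypothetical helper: returns the token's claims, or null if the token is unknown.
function verifyToken(token) {
  return Object.prototype.hasOwnProperty.call(SAMPLE_TOKENS, token)
    ? SAMPLE_TOKENS[token]
    : null;
}

// Build the IAM policy document API Gateway expects back from an authorizer.
function buildPolicy(principalId, effect, resource) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
    },
  };
}

// TOKEN-type authorizer: the header value arrives in event.authorizationToken.
function authorizer(event, context, callback) {
  const match = /^Bearer (\S+)$/.exec(event.authorizationToken || '');
  const claims = match ? verifyToken(match[1]) : null;
  if (!claims) {
    // The error must be exactly the string 'Unauthorized' to produce a 401.
    // Any other error message is treated as an authorizer failure and the
    // client receives a 500 instead.
    return callback('Unauthorized');
  }
  // A valid token that is not permitted gets an explicit Deny policy (403).
  const effect = claims.active ? 'Allow' : 'Deny';
  return callback(null, buildPolicy(claims.sub, effect, event.methodArn));
}

// Export for use as a Lambda handler when loaded as a CommonJS module.
if (typeof module !== 'undefined') module.exports = { authorizer };
```
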