Custom authorizer is no longer valid after 1 use

The following is the Serverless version that I am using:

Framework Core: 1.77.1
Plugin: 3.6.18
SDK: 2.3.1
Components: 2.33.1

I have set up a custom authorizer with jsonwebtoken. The following is my generatePolicy function:

public generatePolicy(methodArn: CustomAuthorizerEvent['methodArn']): CustomAuthorizerResult {
    return {
        principalId: this.principalId,
        policyDocument: {
            Version: '2012-10-17',
            Statement: [{
                Action: 'execute-api:Invoke',
                Effect: 'Allow',
                Resource: methodArn
            }]
        }
    }
}

The problem is that when I create the token, it stays valid for one API endpoint, but when I use the token for another API endpoint it does not work anymore.
Here is an example of how I call the authorizer in my serverless.ts (JSON) file:

createProfile: {
      handler: 'src/handlers/Persons/Profile.create',
      events: [
        {
          http: {
            method: 'post',
            path: 'persons/profile',
            cors: {
              origins: "*",
              headers: [
                'Content-Type',
                'Authorization',
                'X-Api-Key',
                'X-Amz-Security-Token',
                'X-Amz-User-Agent'
              ],
              allowCredentials: true
            },
            authorizer: {
              name: 'verify_token',
              type: 'token'
            }
          }
        }
      ]
    }

Can anyone please help?

1 Like

In the Allow policy, set the Resource to * rather than the methodArn. I can’t remember why, but after a lot of problems, this solved it for me.

(Maybe it caches that that principal is only allowed to see the first provided methodArn, even when caching is turned off. Sorry, I can’t remember what it is, but try using a wildcard.)

2 Likes

This worked, saved a lot of time … thank you
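A narrower alternative to the `*` resource suggested in the answer above, as an added example that is not part of the original posts: API Gateway caches the authorizer's policy per token (TTL 300 seconds by default) and reuses it for every method that shares the authorizer, so a policy naming only the first `methodArn` denies the next endpoint. The sketch below keeps the region, account, API id and stage from the incoming `methodArn` and wildcards only the verb and path; the function names and the sample ARN are hypothetical.

```typescript
// Added example; apiWideResource and buildAllowPolicy are hypothetical names.
interface PolicyStatement {
  Action: string;
  Effect: 'Allow' | 'Deny';
  Resource: string;
}
interface AuthorizerResult {
  principalId: string;
  policyDocument: { Version: string; Statement: PolicyStatement[] };
}

// methodArn layout:
// arn:aws:execute-api:<region>:<account>:<apiId>/<stage>/<verb>/<path...>
function apiWideResource(methodArn: string): string {
  const arnParts = methodArn.split(':');
  if (arnParts.length < 6 || arnParts[2] !== 'execute-api') {
    throw new Error('not an execute-api method ARN');
  }
  const [apiId, stage] = (arnParts[5] ?? '').split('/');
  if (!apiId || !stage) {
    throw new Error('method ARN is missing the API id or stage');
  }
  // Keep region, account, API id and stage; wildcard only verb and path,
  // so the cached policy is valid for every route of this API stage.
  return [...arnParts.slice(0, 5), `${apiId}/${stage}/*/*`].join(':');
}

function buildAllowPolicy(principalId: string, methodArn: string): AuthorizerResult {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{
        Action: 'execute-api:Invoke',
        Effect: 'Allow',
        Resource: apiWideResource(methodArn)
      }]
    }
  };
}

// Constructed sample ARN (account id and API id are made up).
const sampleArn =
  'arn:aws:execute-api:us-east-1:123456789012:abc123def4/dev/POST/persons/profile';
console.log(JSON.stringify(buildAllowPolicy('user-1', sampleArn), null, 2));
```

With a wildcarded resource the cached policy no longer distinguishes routes, so any per-route permission check has to happen in the handler or through separate statements in the policy.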