I am trying to implement a custom authorizer for my functions triggered via API Gateway (http event). However, it looks like the authorizer is not even being triggered when a request is made to the endpoint and the result always returns
"message": "Unauthorized"
}
This is what I have setup so far:
- Authorizer definition inside serverless.yml
authenticate_validate:
name: ${opt:stage}_auth_validate
handler: api/auth/validate.validate
- Function to be authorized linked to the authorizer:
api_list:
name: ${opt:stage}_list
handler: api/list.list
events:
- http:
path: v1/{resource}
method: get
cors:
origins:
- '*'
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
authorizer: authenticate_validate
- The authorizer function just returns a success document by default for testing purposes but this is a moot point because logs of the authorizer function (
ls logs -f authenticate_validate -t --stage dev) show that it never gets triggered anyway. - After sls deploy, the authorizer function is added as an authorizer as per the API Gateway console, and using the “Test your authorizer” input results in the log command above showing execution.
- If attempting to run the endpoint linked to the authorizer, no log output is produced at all for the function that should be triggered by the endpoint or the authorizer functions logs; i.e. the authorizer looks like it is never hit.
It seems to me that there is somethimng preventing API Gateway from communicating with the authorizer and therefore it automatically throws an Unauthorized error. As soon as I take the reference to the custom authorizer away from the function it works as intended (minus authorization obviously).
If anyone can help point me to where my problem may be that would be appreciated because I am stumped. I can find no log anywhere that shows me where the Unauthorized response is being generated so have no way to determine where the problem lies besides poking through the keyhole with a stick to see what squeals.