Set Custom Authorizer type to REQUEST (not TOKEN)

kiwicrog · September 26, 2017, 2:13am

I’m setting up a service to listen to POST requests to an AWS API Gateway.

The service includes a Custom Authorizer function:

 functions:
    listen:
    handler: index.handler
    events:
          - http:
                path: /listener
                method: POST
                authorizer: authorizerFunc
  authorizerFunc:
    handler: index.authorizer

I expected the authorizerFunc to be passed the full HTTP request from AWS API Gateway, since I’m using the default lambda-proxy method. But instead the function is only receiving the Authorization header as a TOKEN.

event variable:
{
“type”: “TOKEN”,
“methodArn”: “arn:aws:execute-api:us-east-1:[REDACTED]”,
“authorizationToken”: “imatoken”
}

How can I change the custom authorizer type from TOKEN to REQUEST, so that the authorizationFunc gets the full HTTP request?

Info on TOKEN vs REQUEST type authorizers: Amazon API Gateway

kiwicrog · September 26, 2017, 4:15am

It looks like the “TOKEN” type is hardcoded into Serverless:

github.com

serverless/serverless/blob/be148344bdef62aa93de91fd150047092fd61b55/lib/plugins/aws/deploy/compile/events/apiGateway/lib/authorizers.js#L72


    "Properties" : {
      "AuthorizerResultTtlInSeconds" : "${resultTtlInSeconds}",
      "AuthorizerUri" : {"Fn::Join" : ["", [
        "arn:aws:apigateway:",
        {"Ref" : "AWS::Region"},
        ":lambda:path/2015-03-31/functions/${authorizerArn}/invocations"
      ]]},
      "IdentitySource" : "${identitySource}",
      "Name" : "${authorizerName}",
      "RestApiId" : { "Ref": "RestApiApigEvent" },
      "Type" : "TOKEN"
    }
  }
`;




const authorizerTemplateJson = JSON.parse(authorizerTemplate);




if (authorizer.identityValidationExpression
  && typeof authorizer.identityValidationExpression === 'string') {

This being the case, how can I get the HTTP request parameters into the Authorizer function? I’m getting the request in the run function itself, as expected due to lambda-proxy.

madzim · September 27, 2017, 1:59pm

I’m having the same problem.

I found this plugin and I was hopeful it would just work: https://github.com/SC5/serverless-plugin-cfauthorizer

I made the changes per the docs, but deployment would fail:

Serverless: Checking Stack update progress...
.........................
Serverless: Operation failed!

  Serverless Error ---------------------------------------

  An error occurred: myAuthorizer - URI is a required field in an Authorizer.

  Stack Trace --------------------------------------------

The AWS::ApiGateway::Authorizer docs confirm this is required.

The plugin code is very short and I suspect that one may only need to add some kind of definition around line 66-67 to add the AuthorizerUri.

But I’m very green with serverless and CloudFormation and I’m not sure how to go about making the change.

kiwicrog · October 2, 2017, 12:12am

Bump.

Raised as https://github.com/serverless/serverless/issues/4325

Topic		Replies	Views
Cannot change authorizer to type Request Serverless Framework aws , lambda	0	363	June 15, 2020
Sharing a REQUEST type custom authorizer Serverless Framework aws , api-gateway	1	721	August 30, 2020
Bug in Api Gateway Authorizer schema for authorizer.type = CUSTOM? Serverless Framework api-gateway	6	2834	December 8, 2020
Authorization Function not being configured on AWS API Gateway Serverless Framework	1	798	March 28, 2020
API GW Custom Authorizer Serverless Framework lambda , api-gateway	2	2825	May 28, 2019

Set Custom Authorizer type to REQUEST (not TOKEN)

Related Topics