Unexpected error creating custom HTTP API authorizer

Hi all,

I’m trying to setup a custom request authorizer and I’m following the documentation located here, but my project keeps failing whenever I try to deploy.

It looks like my cloud formation template keeps trying to use a token authorizer and is failing because I don’t specify an audience, which shouldn’t be required for a request authorizer according to the docs. This seems to be an issue with the framework and not my specific config. Is there something obvious I’m missing or should I raise a bug request on GitHub? Thanks!

Serverless Version:
"serverless": "2.52.0",

My authorizer setup:

        type: request
        functionName: authorizerFunc
        enableSimpleResponses: true
        payloadVersion: '2.0'
        identitySource: $request.header.Authorization

An example function using the custom authorizer (with certain values omitted):

    handler: handler.*****
      - httpApi:
          method: POST
          path: *****
            name: customBasicAuthorizer

Serverless Error Thrown:

Error: The CloudFormation template is invalid: [/Resources/HttpApiAuthorizerCustomBasicAuthorizer/Type/JwtConfiguration/Audience/0] 'null' values are not allowed in templates
      at /usr/local/lib/node_modules/serverless/lib/plugins/aws/deploy/lib/validateTemplate.js:20:13
      at tryCatcher (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/util.js:16:23)
      at Promise._settlePromiseFromHandler (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/promise.js:547:31)
      at Promise._settlePromise (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/promise.js:604:18)
      at Promise._settlePromise0 (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/promise.js:649:10)
      at Promise._settlePromises (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/promise.js:725:18)
      at _drainQueueStep (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/async.js:93:12)
      at _drainQueue (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/async.js:86:9)
      at Async._drainQueues (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/async.js:102:5)
      at Immediate.Async.drainQueues [as _onImmediate] (/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/async.js:15:14)
      at processImmediate (internal/timers.js:461:21)

Relevant Portion of my CF template that gets generated:

    "HttpApiAuthorizerCustomBasicAuthorizer": {
      "Type": "AWS::ApiGatewayV2::Authorizer",
      "Properties": {
        "ApiId": {
          "Ref": "HttpApi"
        "AuthorizerType": "JWT",
        "IdentitySource": [
        "JwtConfiguration": {
          "Audience": [
        "Name": "customBasicAuthorizer"

I’m experiencing the same thing.

Serverless: at ‘provider.httpApi.authorizers.customAuthorizer’: unrecognized property ‘type’
Serverless: at ‘provider.httpApi.authorizers.customAuthorizer’: unrecognized property ‘functionName’
Serverless: at ‘provider.httpApi.authorizers.customAuthorizer’: unrecognized property ‘enableSimpleResponses’
Serverless: at ‘provider.httpApi.authorizers.customAuthorizer’: should have required property ‘issuerUrl’
Serverless: at ‘provider.httpApi.authorizers.customAuthorizer’: should have required property ‘audience’

Just seems like it’s ignoring type: request and related configuration.

This issue has been resolved - it turns out this was due to an outdated Serverless version locally (v1.74.1). Updating to v2.49.0 fixed this for me.

Resolved for me as well.

For the next person: I think I had a plugin that installed serverless locally, even though I did not intentionally do that. I deleted the serverless folder under my project’s node_modules, and then running serverless --version gave me the correct version (2.52.1), and it worked.

So … if you’re reading this, try this:

  • install serverless globally - read the docs and uninstall/reinstall if you have to
  • run “serverless upgrade” if necessary
  • remove the serverless folder from your project’s node_modules (run serverless --version to make sure you have the right version installed)
  • also make sure that if you have frameworkVersion in your serverless.yml file that it is set to an appropriately recent version (2.52.1 for example)