Lambda based authorizers for API Gateway should not fail before the lambda itself gets called.
Current Behavior
If there is no identity source (either token or query string), the AuthScheme will automatically return an unauthorized result, leading to the API request to fail.
Expected behavior/code
The event passed into the Authorizer should have undefined authorizationToken and identitySource fields, but it should be up to the Authorizer Lambda to pass/fail the request. This would be in line with AWS's behaviour.
Bug Report
Lambda based authorizers for API Gateway should not fail before the lambda itself gets called.
Current Behavior
If there is no identity source (either token or query string), the
AuthScheme
will automatically return anunauthorized
result, leading to the API request to fail.Expected behavior/code
The event passed into the Authorizer should have undefined
authorizationToken
andidentitySource
fields, but it should be up to the Authorizer Lambda to pass/fail the request. This would be in line with AWS's behaviour.Environment
serverless
version: 3.30.1serverless-offline
version: 12.0.4node.js
version: 18.14OS
: Windows 10Possible Solution
Remove the automatic fail at these lines.