Lambda based authorizers for API Gateway should not fail before the lambda itself gets called.
Current Behavior
If there is no identity source (either token or query string), the AuthScheme will automatically return an unauthorized result, leading to the API request to fail.
Expected behavior/code
The event passed into the Authorizer should have undefined authorizationToken and identitySource fields, but it should be up to the Authorizer Lambda to pass/fail the request. This would be in line with AWS's behaviour.
Bug Report
Lambda based authorizers for API Gateway should not fail before the lambda itself gets called.
Current Behavior
If there is no identity source (either token or query string), the
AuthSchemewill automatically return anunauthorizedresult, leading to the API request to fail.Expected behavior/code
The event passed into the Authorizer should have undefined
authorizationTokenandidentitySourcefields, but it should be up to the Authorizer Lambda to pass/fail the request. This would be in line with AWS's behaviour.Environment
serverlessversion: 3.30.1serverless-offlineversion: 12.0.4node.jsversion: 18.14OS: Windows 10Possible Solution
Remove the automatic fail at these lines.