Closed duplow closed 4 months ago
any updates on this PR? I'm running into this exact problem. I tried this solution but it did not work. https://stackoverflow.com/questions/70035396/allow-guest-mode-no-authorization-in-custom-authorizer-in-aws
My use case is simple, I need "guest" access to a number of end-points behind an custom authorizer. I can handle the request in my code, but right now, the request fails ("✖ Identity Source is null for header authorization (λ: authorizerFunc)") before hitting my Authorizer function.
service: core-services
plugins:
- serverless-plugin-optimize
- serverless-offline
useDotenv: true
frameworkVersion: '3'
provider:
name: aws
runtime: nodejs20.x
stage: dev
region: us-east-2
timeout: 10 # optional, in seconds, default is 6
apiGateway:
shouldStartNameWithService: true
environment:
httpApi:
cors: true
authorizers:
authorizerFunc:
type: request
functionName: authorizerFunc
resultTtlInSeconds: 0
functions:
main:
handler: dist/src/serverless.handler
events:
- httpApi:
cors: true
method: any
path: '/v1/auth/{any+}'
- httpApi:
path: /{any+}
method: any
authorizer:
name: authorizerFunc
authorizerFunc:
handler: dist/src/authorizer/auth.handler
Hi, any news about this?
AWS is going to retire node16 for lambdas and at the moment, we have used serverless-offline:8.0.0 to workaround this issue but come June 2024, we have no choice but to upgrade to node 18, which then results into this error.
Can someone take a look at this PR, doesn't look complicated and could solve the issue of a lot of people...
@celadari @PierrickI3 @jdhrivas #1639 already fixes that. I even tested locally scenario described in #1638
We also have integration tests for this. They aren't exactly the same as described here, but I added:
identitySource: ""
and it passed
Description
To maintain compatibility with older versions of
serverless-offline
(< 8.0.0) this PR adds a default value of''
(empty string) when the identity source value is not sent in the requestMotivation and Context
When the identity source value is not provided in the request, a 401 error is triggered and the request is not sent to the authorizer. Different from what happens in production on AWS
Related issues:
https://github.com/dherault/serverless-offline/issues/1638
How Has This Been Tested?
Integration tests + running locally