I'm curious about the full purpose of env.AUTHORIZER for mocking remote authorizers. From what I can tell, even with that environment variable set the authorizer is still validated and ran, but then the authorizer result is discarded in favor of the mocked value in the environment variable. It seems there'd be value in bypassing the entire authorization process and just immediately returning the mocked value to support use-cases that currently don't work. I can't tell if this was the intent of the environment variable or if the current functionality is preferred.
For example, the following use-case doesn't work since it relies on referencing an authorizer function by ARN:
I'm curious about the full purpose of
env.AUTHORIZERfor mocking remote authorizers. From what I can tell, even with that environment variable set the authorizer is still validated and ran, but then the authorizer result is discarded in favor of the mocked value in the environment variable. It seems there'd be value in bypassing the entire authorization process and just immediately returning the mocked value to support use-cases that currently don't work. I can't tell if this was the intent of the environment variable or if the current functionality is preferred.For example, the following use-case doesn't work since it relies on referencing an authorizer function by ARN:
However, if
env.AUTHORIZERskipped hooking up the actual authorizer, it wouldn't matter what authorizer was used since the result is mocked anyway.