Looking further up in the file, it seems that the header name is enforced as authorization. I'm using a JWT header that is named something else and can't be easily changed, so this is problematic. What's the reasoning behind enforcing this? If it's to comply with standards it might be nice to allow people to bail out for the sake of backwards compatibility.
It also seems like the identitySource config is ignored here - am I misunderstanding its usage?
As a workaround, if I set an authorization header with any string value, everything works fine - but I would prefer to avoid this.
Previously in v8.4.0 this wasn't a problem, because this header check would only happen if the type wasn't request:
I'm upgrading from
v8.4.0to13.3.3and have started running into this error:my config looks something like this:
Looking through the source code, this error originates from here: https://github.com/dherault/serverless-offline/blob/c85a19272c59ad9e7cf1aea74e3442c7607b533a/src/events/http/createAuthScheme.js#L90-L95
Looking further up in the file, it seems that the header name is enforced as
authorization. I'm using a JWT header that is named something else and can't be easily changed, so this is problematic. What's the reasoning behind enforcing this? If it's to comply with standards it might be nice to allow people to bail out for the sake of backwards compatibility.It also seems like the
identitySourceconfig is ignored here - am I misunderstanding its usage?As a workaround, if I set an
authorizationheader with any string value, everything works fine - but I would prefer to avoid this.Previously in
v8.4.0this wasn't a problem, because this header check would only happen if the type wasn'trequest:https://github.com/dherault/serverless-offline/blob/5df70c8043ca59f34bf8c7c58670254fa68a83fc/src/events/http/createAuthScheme.js#L98-L99
Appreciate any help here, thanks! 😄