mantil-io / mantil

Build your AWS Lambda-based Go backends quicker than ever
https://www.mantil.com
MIT License

Enable authorizer caching #52

Closed djelusic closed 2 years ago

djelusic commented 2 years ago

Whenever a request uses a cached lambda authorizer response this results in a 500 error being returned from the API gateway. I did some digging and found this in the access logs:

{
    "requestId": "HGQeGiXZliAEPSw=",
    "ip": "93.142.91.220",
    "requestTime": "12/Oct/2021:13:57:46 +0000",
    "httpMethod": "POST",
    "routeKey": "POST /deploy",
    "status": "500",
    "protocol": "HTTP/1.1",
    "responseLength": "35",
    "authError": "The response from the Lambda Authorizer function doesn't match the format that API Gateway expects. Invalid json in authorizer response"
}

This is strange since the original authorizer response didn't cause any errors.

djelusic commented 2 years ago

So after trying a bunch of things I realized the problem was that we are storing user claims as a JSON string in the authorizer response context. For some reason this only works when the response is not cached. I fixed it by base64-encoding the claims and re-enabled caching.

In the process I also switched the authorizer payload version to v2 and enabled simple responses. So now the authorizer returns something like this instead of a policy:

{
  "isAuthorized":true,
  "context": {
    "mantilUserClaims": "<b64 encoded claims>"
  }
}

This works for us since we aren't performing any authorization on the authorizer beyond just checking the validity of the JWT token.
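The approach described in the comment above, as an added example that is not Mantil's own code: the authorizer puts base64-encoded claims into a simple response's context as a flat string, and the backend decodes them and rejects anything missing or malformed. Only the `mantilUserClaims` key and the response shape come from the issue; the `UserClaims` fields, the function names and the choice of standard base64 are assumptions.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// claimsKey is the context key shown in the issue; all other names are hypothetical.
const claimsKey = "mantilUserClaims"
// UserClaims is a constructed stand-in for claims taken from an already validated JWT.
type UserClaims struct {
	Username  string `json:"username"`
	Workspace string `json:"workspace"`
}

// SimpleResponse mirrors the payload v2 simple response quoted in the issue.
type SimpleResponse struct {
	IsAuthorized bool              `json:"isAuthorized"`
	Context      map[string]string `json:"context,omitempty"`
}

// Allow builds the authorizer response; the context value is a flat base64 string, not nested JSON.
func Allow(c UserClaims) (SimpleResponse, error) {
	raw, err := json.Marshal(c)
	if err != nil {
		return SimpleResponse{}, err // zero value has IsAuthorized == false
	}
	enc := base64.StdEncoding.EncodeToString(raw)
	return SimpleResponse{IsAuthorized: true, Context: map[string]string{claimsKey: enc}}, nil
}

// ClaimsFromContext runs in the backend and rejects missing, non-base64 or malformed claims.
func ClaimsFromContext(ctx map[string]string) (UserClaims, error) {
	raw, err := base64.StdEncoding.DecodeString(ctx[claimsKey])
	if err != nil || len(raw) == 0 {
		return UserClaims{}, fmt.Errorf("missing or non-base64 claims in authorizer context")
	}
	var c UserClaims
	if err := json.Unmarshal(raw, &c); err != nil || c.Username == "" {
		return UserClaims{}, fmt.Errorf("claims are not valid JSON or lack a username")
	}
	return c, nil
}

func main() {
	resp, err := Allow(UserClaims{Username: "alice", Workspace: "dev"}) // constructed sample
	fmt.Println(resp, err)
}
```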