feat: Sends authorizer request even if Identity Source value is not present in the request #1735

Closed
wants to merge 3 commits into from

duplow commented Sep 18, 2023

Description

To maintain compatibility with older versions of serverless-offline (< 8.0.0), this PR adds a default value of '' (empty string) when the identity source value is not sent in the request.

Motivation and Context

When the identity source value is not provided in the request, a 401 error is triggered and the request is not sent to the authorizer. This is different from what happens in production on AWS.

✖ Identity Source is null for header authorization (λ: authorizer)

Related issues:

#1638

How Has This Been Tested?

Integration tests + running locally

duplow marked this pull request as ready for review September 18, 2023 23:16
duplow changed the title from "Make authorization optional for Identity Source Header and Querystring" to "feat: Sends authorizer request even if Identity Source value is not present in the request" Sep 18, 2023

jdhrivas commented Mar 23, 2024

Any updates on this PR? I'm running into this exact problem. I tried this solution but it did not work. https://stackoverflow.com/questions/70035396/allow-guest-mode-no-authorization-in-custom-authorizer-in-aws

My use case is simple: I need "guest" access to a number of endpoints behind a custom authorizer. I can handle the request in my code, but right now, the request fails ("✖ Identity Source is null for header authorization (λ: authorizerFunc)") before hitting my Authorizer function.

service: core-services
plugins:
  - serverless-plugin-optimize
  - serverless-offline

useDotenv: true
frameworkVersion: '3'

provider:
  name: aws
  runtime: nodejs20.x
  stage: dev
  region: us-east-2
  timeout: 10 # optional, in seconds, default is 6
  apiGateway:
    shouldStartNameWithService: true
  environment:
  httpApi:
    cors: true
    authorizers:
      authorizerFunc:
        type: request
        functionName: authorizerFunc
        resultTtlInSeconds: 0

functions:
  main:
    handler: dist/src/serverless.handler
    events:
      - httpApi:
          cors: true
          method: any
          path: '/v1/auth/{any+}'
      - httpApi:
          path: /{any+}
          method: any
          authorizer:
            name: authorizerFunc
  authorizerFunc:
    handler: dist/src/authorizer/auth.handler

@PierrickLozach

Hi, any news about this?

AWS is going to retire node16 for lambdas and at the moment, we have used serverless-offline:8.0.0 to work around this issue, but come June 2024, we have no choice but to upgrade to node 18, which then results in this error.

@celadari

Can someone take a look at this PR? It doesn't look complicated and could solve the issue for a lot of people...

@DorianMazur
Collaborator

DorianMazur commented May 22, 2024

@celadari @PierrickI3 @jdhrivas #1639 already fixes that. I even tested the scenario described in #1638 locally.

We also have integration tests for this. They aren't exactly the same as described here, but I added:

identitySource: ""

and it passed
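
For the guest-access use case raised in this thread: once an empty identity source is forwarded, the authorizer itself has to decide what an absent credential means. The sketch below is an added example, not code from this PR or from serverless-offline; it assumes the API Gateway HTTP API payload 2.0 event fields (`headers`, `rawPath`, `requestContext.http.method`, `routeArn`) and an IAM-policy response, and `GUEST_ROUTES` and `verifyToken` are hypothetical stand-ins.

```javascript
// Added example. GUEST_ROUTES and verifyToken are hypothetical, not project code.
// Exact "METHOD path" entries only, so no prefix or traversal tricks can widen guest access.
const GUEST_ROUTES = new Set(['GET /catalog', 'GET /health']);

// Stand-in for real validation (signature, expiry, audience). Constructed token value.
function verifyToken(token) {
  return token === 'constructed-valid-token' ? { sub: 'user-123' } : null;
}

// IAM-policy style response returned by a Lambda request authorizer.
function policy(principalId, effect, resource, context) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
    },
    context,
  };
}

function authorize(event) {
  // Case-insensitive header lookup; a missing header, '' and whitespace all mean "no credential".
  const headers = event.headers || {};
  const key = Object.keys(headers).find((k) => k.toLowerCase() === 'authorization');
  const raw = String((key && headers[key]) || '').trim();
  const token = raw.replace(/^Bearer(\s+|$)/i, '').trim();

  if (token === '') {
    // No credential: guest access only on explicitly allowlisted routes, deny everything else.
    const http = (event.requestContext && event.requestContext.http) || {};
    const open = GUEST_ROUTES.has(`${http.method} ${event.rawPath}`);
    return policy('guest', open ? 'Allow' : 'Deny', event.routeArn, { role: 'guest' });
  }

  const claims = verifyToken(token);
  // A presented but invalid token is denied, never downgraded to guest.
  if (!claims) return policy('unknown', 'Deny', event.routeArn, { role: 'none' });
  return policy(claims.sub, 'Allow', event.routeArn, { role: 'user' });
}

// Lambda entry point; export it in whatever form your bundler expects.
async function handler(event) {
  return authorize(event);
}
```

The `role` value in `context` lets the downstream function tell guest calls from authenticated ones without re-parsing the header.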