Serverless: Custom authorizer errors on deployment

Created on 8 Feb 2017 · 3Comments · Source: serverless/serverless

This is a Bug Report

Description

API Gateway seems to not accept auth tokens correctly when configured
with a custom authorizer, for all I could find the request doesn't event hit
the authorized and is being rejected by API Gateway.

when configured like this:

  whoami:
    handler: src/lambdas/session/whoami.handler
    events:
      - http:
          path: session/whoami
          method: get
          cors: true
          authorizer:
            name: customAuthorizer
            resultTtlInSeconds: 0
            identitySource: method.request.header.Authorization
            identityValidationExpression: Bearer .*

API Gateway responds with the following:

{
  "message": "'sometoken' not a valid key=value pair (missing equal-sign) in Authorization header: 'Bearer sometoken'."
}

And when configured like this:

  whoami:
    handler: src/lambdas/session/whoami.handler
    events:
      - http:
          path: session/whoami
          method: get
          cors: true
          authorizer:
            name: customAuthorizer
            resultTtlInSeconds: 0
            identitySource: method.request.header.Authorization
            identityValidationExpression: Bearer .*

The error is:

{
  "message": "Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=sometoken"
}

Additional Data

Serverless Framework Version you're using: 1.6.1:

Thanks!

Source

BarakChamo

Most helpful comment

This is usually related to requesting a URL that doesn't exist. Please make sure you're using the correct HTTP method and resource path to a valid resource (the sample invoke URL does not include any resource path). Also, make sure you remember to deploy before testing.