API Gateway seems to not accept auth tokens correctly when configured
with a custom authorizer, for all I could find the request doesn't event hit
the authorized and is being rejected by API Gateway.
when configured like this:
whoami:
handler: src/lambdas/session/whoami.handler
events:
- http:
path: session/whoami
method: get
cors: true
authorizer:
name: customAuthorizer
resultTtlInSeconds: 0
identitySource: method.request.header.Authorization
identityValidationExpression: Bearer .*
API Gateway responds with the following:
{
"message": "'sometoken' not a valid key=value pair (missing equal-sign) in Authorization header: 'Bearer sometoken'."
}
And when configured like this:
whoami:
handler: src/lambdas/session/whoami.handler
events:
- http:
path: session/whoami
method: get
cors: true
authorizer:
name: customAuthorizer
resultTtlInSeconds: 0
identitySource: method.request.header.Authorization
identityValidationExpression: Bearer .*
The error is:
{
"message": "Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=sometoken"
}
Thanks!
Hey @BarakChamo thanks for opening.
Could you maybe provide the solution for your problem so that others who stumble upon this issue can see how it can be resolved?
Thanks! 👍
This is usually related to requesting a URL that doesn't exist. Please make sure you're using the correct HTTP method and resource path to a valid resource (the sample invoke URL does not include any resource path). Also, make sure you remember to deploy before testing.
As @jorgecar mentioned this happens when URL does not exist. If you are adding resources to API Gateway then do not forget to deploy those APIs.
Most helpful comment
This is usually related to requesting a URL that doesn't exist. Please make sure you're using the correct HTTP method and resource path to a valid resource (the sample invoke URL does not include any resource path). Also, make sure you remember to deploy before testing.