
AWS authorizer returns 500, message: null, with AuthorizerConfigurationException error in response

I've spent the better part of today trying to make authorizers work. I've checked multiple examples and they all seem to be doing the same thing my code does.

I use the Serverless Framework; here's the authorization code:

exports.handler = function (event: APIGatewayTokenAuthorizerEvent): APIGatewayAuthorizerResult {
    const authorizer = new Authorizer();

    try {
        if (!event.authorizationToken) throw new Error("No token");

        const token = event.authorizationToken.split(" ")[1];
        const decodedData = authorizer.verifyToken(token) as unknown as User;
        const policy = generatePolicy(token, event.methodArn);

        return {
            ...policy,
            context: {
                user: JSON.stringify(decodedData),
            },
        };
    } catch (err) {
        console.log(err);
        throw "Unauthorized";
    }
};

const generatePolicy = (principalId: string, methodArn: string) => {
    return {
        principalId,
        policyDocument: {
            Version: "2012-10-17",
            Statement: [
                {
                    Action: "execute-api:Invoke",
                    Effect: "Allow",
                    Resource: methodArn,
                },
            ],
        },
    };
};

and here's the serverless config

const serverlessConfiguration: AWS = {
service: "user-crud",
frameworkVersion: "2",
custom: {
    webpack: {
        webpackConfig: "./webpack.config.js",
        includeModules: true,
    },
},
plugins: ["serverless-webpack"],
provider: {
    name: "aws",
    runtime: "nodejs14.x",
    region: "eu-west-1",
    apiGateway: {
        minimumCompressionSize: 1024,
        shouldStartNameWithService: true,
    },
    environment: {
        AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1",
    },
    lambdaHashingVersion: "20201221",
},

functions: {
    jwtAuthorizer: {
        handler: "src/api/authorizer.handler",
        name: "jwtAuthorizer",
    },
    get: {
        name: "get",
        handler: "src/api/get.handler",
        role: "arn:aws:iam::109394173706:role/dynamodb_cloudwatch_full",
        events: [
            {
                http: {
                    path: "get",
                    method: "get",
                    cors: true,
                    authorizer: "jwtAuthorizer",
                },
            },
        ],
    },

}...

I always get a 500 response when the token is correct and I return the object, so I guess there's something wrong with the return object?

If the token is incorrect and I throw "Unauthorized" then I get back the correct 401 response.

Apparently, the handler needs to be async; otherwise, it expects a callback... time well spent :|

Well, there are some other reasons for getting,

{
    message : null
}

error from Api Gateway. I had a very hard time identifying mine.

  1. The API Gateway might lack permission to invoke the authorizer lambda. Make sure you add a Lambda Invoke Role for your authorizer.
  2. You should not modify the request context (not talking about the response context). Whenever I try, I get Execution failed due to configuration error: Invalid JSON in response: Unrecognized field "headers", not marked as ignorable in the Api Gateway logs. You have to tackle it by adding cors with explicit mention of those headers.
  3. The return policy should comply with the Lambda response 1.0 version. If you want to use a boolean-based return, you must enable Lambda response 2.0.
  4. If you have updated the authorizer lambda function name or something, it is better to delete the RestApiGateway and create it again. The changes might not get updated in CloudFront properly sometimes.
  5. The response context you give will allow only String, Number or Boolean types. Example:

function allowPolicy(methodArn) {
    console.log("Allow Policy");
    return {
        "principalId": "apigateway.amazonaws.com",
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "execute-api:Invoke",
                    "Effect": "Allow",
                    "Resource": methodArn
                }
            ]
        },
        "context": {
            "stringValue": "blablabla",
            "numberValue": 10,
            "booleanValue": true,
        }
    };
}
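The two points from the answers above combined, as an added example that is not part of the original posts: an async TOKEN authorizer whose response context holds only string, number and boolean values. `makeHandler`, `toAuthorizerContext` and the injected `verifyToken` (standing in for the question's `authorizer.verifyToken`) are hypothetical names, and the decoded claims are assumed to carry a `sub` field.

```javascript
// Added example. verifyToken is a hypothetical stand-in for the question's
// authorizer.verifyToken(): it returns the decoded claims or throws.
const generatePolicy = (principalId, methodArn) => ({
    principalId,
    policyDocument: {
        Version: "2012-10-17",
        Statement: [{ Action: "execute-api:Invoke", Effect: "Allow", Resource: methodArn }],
    },
});

// API Gateway accepts only string, number and boolean context values.
// Anything else (objects, arrays) is serialised to a JSON string here;
// null and undefined are dropped.
const toAuthorizerContext = (claims) => {
    const context = {};
    for (const [key, value] of Object.entries(claims)) {
        if (value === null || value === undefined) continue;
        context[key] = ["string", "number", "boolean"].includes(typeof value)
            ? value
            : JSON.stringify(value);
    }
    return context;
};

// async: the returned object becomes the Lambda result. A non-async handler
// must pass the policy to callback(null, policy); its return value is ignored.
// In a Lambda module this would be exported as exports.handler.
const makeHandler = (verifyToken) => async (event) => {
    try {
        const token = (event.authorizationToken || "").split(" ")[1];
        if (!token) throw new Error("No token");
        const claims = verifyToken(token);
        // Assumption: claims.sub identifies the user. It is used as principalId
        // so the raw token does not end up in the policy or the access logs.
        return {
            ...generatePolicy(String(claims.sub), event.methodArn),
            context: toAuthorizerContext(claims),
        };
    } catch (err) {
        console.log(err.message);
        throw new Error("Unauthorized"); // the message API Gateway answers with 401
    }
};
```

Downstream handlers read these values from `event.requestContext.authorizer`, where a claim that was serialised (such as an array of roles) arrives as a JSON string and has to be parsed again.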
