Hi serverless people wave I m trying to add a lambda authori Serverless Stack #help

Hi serverless people! :wave: I'm trying to add a l...

Karmo Rosental

06/01/2022, 11:54 PM

Hi serverless people! 👋 I'm trying to add a lambda authorizer but I get

{"message":"Unauthorized"}

before authorizer is even run. I can't see what I am doing differently from the official example.

Copy code

authorizers: {
            lambda: {
                type: "lambda",
                responseTypes: ["simple"],
                function: new Function(stack, "Authorizer", {
                    handler: `functions/authorizer.main`,
                }),
            },
        },

Copy code

defaults: {
            authorizer: "lambda",
        },

If I try to access protected endpoint then nothing at all is printed to terminal like it is for public endpoint. `functions/authorizer.ts`:

Copy code

export const main = async (event) => {
    console.log("Inside authorizer");
};

Where it can get blocked?

outaTiME

06/02/2022, 12:34 AM

Hi @Karmo Rosental, so you say (I suspect) that it could be the

ttl

that the authorizer handles by default (which is 5 minutes), maybe you were doing some tests and it was saved in the cache, you can force it using

resultsCacheTtl

in 0, for another side I remind you that it is always necessary for the authorizer to return some value for everything to work correctly

Karmo Rosental

06/02/2022, 10:18 AM

I set

resultsCacheTtl: "0 seconds",

and return this:

Copy code

export const main = async (event) => {
    console.log("Inside authorizer");
    return {
        isAuthorized: true,
        context: {
            username: "123",
        },
    };
};

Still nothing is printed out and it gives 401 Unauthorized.

outaTiME

06/02/2022, 12:33 PM

Are you using simple response type?

Karmo Rosental

06/02/2022, 7:28 PM

Yes

outaTiME

06/02/2022, 7:40 PM

mmm, wired … could you share the complete code of your Api construct?

Karmo Rosental

06/02/2022, 9:33 PM

Copy code

const api = new Api(stack, "Api", {
    authorizers: {
        lambda: {
            type: "lambda",
            responseTypes: ["simple"],
            function: new Function(stack, "Authorizer", {
                handler: `functions/authorizer.main`,
            }),
        },
    },
    defaults: {
        authorizer: "lambda",
        function: {
            environment: {
                DATABASE: SERVICE,
                CLUSTER_ARN: rds.clusterArn,
                SECRET_ARN: rds.secretArn,
            },
            permissions: [rds],
        },
    },
    routes: {
        "GET /one": "functions/one.main",
        "GET /two": {
            authorizer: "none",
            function: "functions/two.main",
        },
    },
});

outaTiME

06/02/2022, 9:44 PM

Everything seems fine, I don’t see what could be the problem 😪

outaTiME

06/02/2022, 9:48 PM

just in case, did you try to use some other name for the authorizer like

myAuthorizer

instead of

lambda

Karmo Rosental

06/02/2022, 9:51 PM

Yes I've tried that as well.

outaTiME

06/02/2022, 9:52 PM

🤦‍♂️

outaTiME

06/02/2022, 9:56 PM

which version of SST ?

Karmo Rosental

06/02/2022, 9:57 PM

1.2.11

outaTiME

06/02/2022, 9:58 PM

@Frank @thdxr 🤔

Karmo Rosental

06/02/2022, 10:09 PM

II only found a single line of vendedlog in CloudWatch that status 401 was returned. Nothing under lambda logs about these 401s.

Frank

06/03/2022, 7:01 PM

Just gave this a try.. so the way lambda authorizer checks for the

Authorization

header, and then calls the Lambda authorizer.

Frank

06/03/2022, 7:02 PM

@Karmo Rosental i’m guessing u r not passing in the header. (Yes, you’d need to pass in the header even if ur authorizer always returns

true

)

Frank

06/03/2022, 7:03 PM

You can test by setting the header like this in SST Console

Karmo Rosental

06/04/2022, 7:46 AM

@Frank that was exactly my issue 😀 Thank you for helping to figure it out.

Open in Slack

Previous Next