Serverless Stack

Is there a way to setup `sst.Api` to use a `custom authorizer` but *also* allow for anonymous access?
Our Custom Authorizer passes into the rest calls the user’s ROLE if they have one. otherwise they are considered anonymous.

I think the way you have it is the way to do it, custom authorizer allows it but sets some data to null or "anonymous"

right but right now I’m getting `401 Unauthorized` UNLESS I pass *something* in the header.Authorization

if its empty… it never makes it even to my custom authorizer and 401

ah - I actually gave up on doing authorization through a lambda and I just do it using a middleware pattern in my application

might have to settle for that or on your clients putting Authorization: anonymous in all requests

ah…. ya best to do in in the gateway I think… then it can cache your token and approval

Authorization header is cached when you use a Authorizer