Is there a way to setup `sst.Api` to use a `custom...
# help
Is there a way to setup
to use a
custom authorizer
but also allow for anonymous access? Our Custom Authorizer passes into the rest calls the user’s ROLE if they have one. otherwise they are considered anonymous.
I think the way you have it is the way to do it, custom authorizer allows it but sets some data to null or "anonymous"
right but right now I’m getting
401 Unauthorized
UNLESS I pass something in the header.Authorization
if its empty… it never makes it even to my custom authorizer and 401
ah - I actually gave up on doing authorization through a lambda and I just do it using a middleware pattern in my application
might have to settle for that or on your clients putting Authorization: anonymous in all requests
ah…. ya best to do in in the gateway I think… then it can cache your token and approval
Authorization header is cached when you use a Authorizer
faster calls