has anyone been seeing random 401 errors with the HTTP API i Serverless Stack #help

has anyone been seeing random 401 errors with the ...

Sam Hulick

09/22/2021, 4:27 PM

has anyone been seeing random 401 errors with the HTTP API? it makes no sense to me. the previous requests are totally fine.. then boom, a random 401. and if I resend the exact same request, I get HTTP 200.

Sam Hulick

09/22/2021, 4:28 PM

I have no clue how to debug this 😞 seems to me like it’s an issue with HTTP API. the response was super fast (64ms) and it didn’t hit Lambda at all

Frank

09/22/2021, 5:06 PM

Which request is super fast and didnt hit lambda? The 401?

Sam Hulick

09/22/2021, 5:06 PM

yep. in other words, API Gateway rejected it as unauthorized right away

Sam Hulick

09/22/2021, 5:06 PM

then when I resent it, same exact request 100%, I get a 200

Sam Hulick

09/22/2021, 5:07 PM

I’ll have to replicate this to get an API Gateway request ID, then contact AWS support

Omi Chowdhury

09/22/2021, 5:17 PM

I came across an issue thats kind of similar: https://github.com/auth0-samples/jwt-rsa-aws-custom-authorizer/pull/8 The symptoms aren’t exactly the same, but maybe it’s a clue. Try disabling the authorizer cache if you have it set, see if you still get the issue

Omi Chowdhury

09/22/2021, 5:22 PM

That issue was with the REST API, but looks like the behaviour is similar with HTTP API: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html#http-api-lambda-authorizer.caching

Sam Hulick

09/22/2021, 5:46 PM

whoa. ok, I inspected the HAR file.. and I see this in the response:

Copy code

{
              "name": "www-authenticate",
              "value": "Bearer scope=\"\" error=\"invalid_token\" error_description=\"non-200 status code received from OIDC discovery endpoint\""
            },

Sam Hulick

09/22/2021, 5:59 PM

opened an AWS support ticket. we’ll see what they say.

Open in Slack

Previous Next