Hello I follow documentation for adding lambda authorizer fo Serverless Stack #help

Hello. I follow documentation for adding lambda au...

Slawomir Stec

08/25/2021, 4:27 AM

Hello. I follow documentation for adding lambda authorizer for specific routes.

Copy code

const api = new sst.Api(this, "Api", {
    // defaultAuthorizationType: ApiAuthorizationType.CUSTOM,
    defaultAuthorizer: new HttpLambdaAuthorizer({
        authorizerName: "LambdaAuthorizer",
        handler: new sst.Function(this, "Authorizer", {
            handler: "src/authorizer.handler"
        }),
    }),
    routes: {
        "GET /private": {
            authorizationType: ApiAuthorizationType.CUSTOM,
            handler: "src/private.handler"
        },
        "GET /authenticate/facebook": "src/auth-facebook.handler"
    }

[8:27 AM] I checked 0.40.1 and latest 0.40.2 -> in both cases produced Cloudformation template contains

Copy code

[8:27 AM] AuthorizationType: NONE

[8:28 AM] I can set defaultAuthorizationType to CUSTOM, however this apply for all routes and can’t be overwritten with authorizationType for specific routes

Sam Hulick

08/25/2021, 4:34 AM

to override, this is the format:

Copy code

'GET /embeds/{embedId}': {
    function: 'get-embed.main',
    authorizationType: sst.ApiAuthorizationType.NONE,
  },

Slawomir Stec

08/25/2021, 4:39 AM

this didn't work for me

Slawomir Stec

08/25/2021, 4:40 AM

do you have defaultAuthorizationType. set to ApiAuthorizationType.CUSTOM ?

Sam Hulick

08/25/2021, 5:23 AM

no, my default is set to JWT. but the same concept applies.. doesn’t matter what the authorization type is.

Sam Hulick

08/25/2021, 5:24 AM

I have:

Copy code

const api = new sst.Api(this, 'RestAPI', {
      defaultAuthorizationType: sst.ApiAuthorizationType.JWT,
      defaultAuthorizer: new HttpUserPoolAuthorizer({
        userPool: props.cognitoAuth.cognitoUserPool!,
        userPoolClient: props.cognitoAuth.cognitoUserPoolClient!,
      }),

so all my API routes require JWT auth. but I can override with

NONE

in specific routes

Slawomir Stec

08/25/2021, 5:32 AM

hmm, must miss something else, I deploy following test stack:

Slawomir Stec

08/25/2021, 5:32 AM

and in result

Slawomir Stec

08/25/2021, 5:34 AM

/facebook route should have authorization NONE

Sam Hulick

08/25/2021, 6:00 AM

oh.. if you changed the authorization, that won’t work. you have to comment out the route, deploy, then add the route back in, and deploy

Sam Hulick

08/25/2021, 6:00 AM

it’s a limitation in CloudFormation

Slawomir Stec

08/25/2021, 6:37 AM

I deleted the stack and deployed in two separate regions, same issue. I think I have to create fresh project to test it in isolation from my other stacks…

Frank

08/25/2021, 7:13 AM

@Slawomir Stec This is invalid:

Copy code

"GET /private": {
            authorizationType: ApiAuthorizationType.CUSTOM,
            handler: "src/private.handler"
        },

This is valid

Copy code

"GET /private": {
            authorizationType: ApiAuthorizationType.CUSTOM,
            function: "src/private.handler"
        },

This is also valid

Copy code

"GET /private": {
            authorizationType: ApiAuthorizationType.CUSTOM,
            function: {
              handler: "src/private.handler"
            }
        },

Slawomir Stec

08/25/2021, 7:27 AM

@Frank yes, it works now, thank you

Frank

08/25/2021, 7:28 AM

Yeah, we will be adding some input validation, and that should catch invalid input format (cc @thdxr)

Sean Matheson

01/25/2022, 9:02 AM

Oh wow, this proper caught me out. Even looking at @Frank's code above it took me a while to make the distinction between

function

handler

. I need to do some more reading on the difference here.

2 Views

Open in Slack

Previous Next