Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom authorizer errors on deployment #3205

Closed
BarakChamo opened this issue Feb 8, 2017 · 4 comments
Closed

Custom authorizer errors on deployment #3205

BarakChamo opened this issue Feb 8, 2017 · 4 comments

Comments

@BarakChamo
Copy link

This is a Bug Report

Description

API Gateway seems to not accept auth tokens correctly when configured
with a custom authorizer, for all I could find the request doesn't event hit
the authorized and is being rejected by API Gateway.

when configured like this:

  whoami:
    handler: src/lambdas/session/whoami.handler
    events:
      - http:
          path: session/whoami
          method: get
          cors: true
          authorizer:
            name: customAuthorizer
            resultTtlInSeconds: 0
            identitySource: method.request.header.Authorization
            identityValidationExpression: Bearer .*

API Gateway responds with the following:

{
  "message": "'sometoken' not a valid key=value pair (missing equal-sign) in Authorization header: 'Bearer sometoken'."
}

And when configured like this:

  whoami:
    handler: src/lambdas/session/whoami.handler
    events:
      - http:
          path: session/whoami
          method: get
          cors: true
          authorizer:
            name: customAuthorizer
            resultTtlInSeconds: 0
            identitySource: method.request.header.Authorization
            identityValidationExpression: Bearer .*

The error is:

{
  "message": "Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=sometoken"
}

Additional Data

  • Serverless Framework Version you're using: 1.6.1:

Thanks!
@pmuens
Copy link
Contributor

pmuens commented Feb 8, 2017

Hey @BarakChamo thanks for opening.

Could you maybe provide the solution for your problem so that others who stumble upon this issue can see how it can be resolved?

Thanks! 👍

@jorgecar
Copy link

This is usually related to requesting a URL that doesn't exist. Please make sure you're using the correct HTTP method and resource path to a valid resource (the sample invoke URL does not include any resource path). Also, make sure you remember to deploy before testing.

@sidswnt
Copy link

sidswnt commented Feb 15, 2019

As @jorgecar mentioned this happens when URL does not exist. If you are adding resources to API Gateway then do not forget to deploy those APIs.

@aarzootrehannagarro
Copy link

Can we pass a custom error instead of this error
"message": "Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=sometoken"

I am looking to pass a generic error like:
Please check your URL.

Is it possible?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@pmuens @jorgecar @BarakChamo @sidswnt @aarzootrehannagarro