4

I have an AWS API Gateway that uses a custom authorizer, and if the request is authorized, it triggers another lambda function. Since yesterday, whenever I call the API, I get an error saying { "message": null } and a 500 Internal Server Error. In the response headers it says x-amzn-ErrorType →AuthorizerConfigurationException. I can see in the logs that the authorizer is called and returns a valid policy, and that the other lambda function is not triggered. I have not (knowingly) changed the authorizer. Can anyone give me a hint what might be wrong here? I have read this question but there the mistake was that the returned policy was wrongly formatted, while I didn't change my authorizer and it worked before.

Gasp0de
  • 1,199
  • 2
  • 12
  • 30
  • 1
    I'd recommend running two tests, that will hopefully point out where the error lies. First test a token from the API Gateway (under Authorizers), this will solely test the authorizer. If that works, test the API from API Gateway, this won't invoke the authorizer. – K Mo Jul 05 '18 at 12:34
  • 2
    Thank you, I found the reason for the failure. API Gateway claims that the JSON returned from my authorizer is invalid because it contains a list (that is in the context part, not in the policy. However, according to https://jsonlint.com/ it is valid. If I replace the list with a string, API Gateway accepts the authorizers response. I will ask our contact at Amazon if it is a bug or if this is expected behaviour. – Gasp0de Jul 05 '18 at 12:50
  • 2
    @Gasp0de the JSON may be valid, but the `context` object is a simple map that only supports scalar strings, so it is an invalid response for that reason. [*"Notice that you cannot set a JSON object or array as a valid value of any key in the context map."*](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html) – Michael - sqlbot Jul 05 '18 at 14:10
  • @Michael-sqlbot thanks for the info, I did not know that! – Gasp0de Jul 07 '18 at 21:59

1 Answers1

0

The context portion of your policy document can contain only String, Boolean or Numeric values. Arrays and Objects are illegal.

The documentation states:

The returned values are all stringified. Notice that you cannot set a JSON object or array as a valid value of any key in the context map.

Source: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html

schmidlop
  • 1,356
  • 16
  • 31