I am trying to test authorization of a Lambda function using Cognito, Serverless framework & Serverless-Offline plugin.

When I run my stack locally using serverless offline, all requests by default are authorized and I can execute them without a problem.

The command is `serverless offline`

What I can't do is test unauthorized requests locally. When I use the argument `--noAuth`, the request is still authorized by default, which means I can't test scenarios of unauthorized access.

Using `serverless offline --noAuth`

When I am developing locally, how can I test requests against my handler that are unauthorized?

Here is my yml:

```yaml
service: apples

provider:
  name: aws
  runtime: nodejs8.10
  stage: ${opt:stage, 'dev'}
  region: ap-southeast-2
  profile: personal

plugins:
  - serverless-offline

functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: users
          method: get
          cors: true
          authorizer:
            arn: ${cf:apples-auth-dev.CognitoUserPoolArn}
```
shenku
The `--noAuth` option with serverless offline turns off custom authentication. Your question is a bit vague, as you describe the need to test unauthorized requests. For that case you need a request that attempts unauthorized access, but you will need to have an authorizer in the function. Or you are trying to achieve something else, in which case you should be more clear in your question. – kaskelotti Jan 30 '19 at 11:05
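
A fail-closed check inside the `hello` handler makes the unauthorized path testable with constructed events, independent of what a local emulator does with the authorizer. This is an added example, not code from the post or from serverless-offline; it assumes Lambda proxy integration, where API Gateway's Cognito user pool authorizer exposes the verified claims at `event.requestContext.authorizer.claims`, and `requireClaims`, `getClaims` and `demo` are hypothetical helper names.

```javascript
// Added example: fail-closed authorization check inside the handler.
// Assumption: Lambda proxy integration, where the Cognito user pool authorizer
// places verified token claims at event.requestContext.authorizer.claims.

const json = (statusCode, body) => ({
  statusCode,
  headers: { 'Access-Control-Allow-Origin': '*' }, // mirrors `cors: true`
  body: JSON.stringify(body),
});

// Return the caller's claims, or null when the request carries none.
function getClaims(event) {
  const ctx = (event && event.requestContext) || {};
  const claims = ctx.authorizer && ctx.authorizer.claims;
  if (!claims || typeof claims !== 'object') return null;
  // `sub` is the Cognito user id; claims without it are treated as absent.
  return typeof claims.sub === 'string' && claims.sub.length > 0 ? claims : null;
}

// Wrap a handler so business logic never runs without claims.
const requireClaims = (inner) => async (event, context) => {
  const claims = getClaims(event);
  if (!claims) return json(401, { message: 'Unauthorized' });
  return inner(event, context, claims);
};

const hello = requireClaims(async (event, context, claims) =>
  json(200, { message: 'hello', user: claims.sub }));

// Constructed sample events (not captured from a real API Gateway).
const authorizedEvent = {
  requestContext: { authorizer: { claims: { sub: 'constructed-user-id' } } },
};
const unauthorizedEvent = { requestContext: {} };

// Exercise both paths and return the resulting status codes.
async function demo() {
  const ok = await hello(authorizedEvent, {});
  const denied = await hello(unauthorizedEvent, {});
  return [ok.statusCode, denied.statusCode];
}

if (typeof module !== 'undefined') module.exports = { hello, getClaims, demo };
```

The deployed authorizer still rejects unauthenticated requests before the function runs; the in-handler check is a second layer that also covers environments where the authorizer is not enforced.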

0 Answers