4

I have created a Lambda Authorizer on an AWS API Gateway, which calls a Lambda Function. Following is the code in the Lambda Function, written in Node.js 8.0.

```javascript
exports.handler = function(event, context, callback) {
    var token = event.authorizationToken;
    switch (token.toLowerCase()) {
        case 'allow':
            callback(null, generatePolicy('user', 'Allow', event.methodArn));
            break;
        case 'deny':
            callback(null, generatePolicy('user', 'Deny', event.methodArn));
            break;
        case 'unauthorized':
            callback("Unauthorized");   // Return a 401 Unauthorized response
            break;
        default:
            callback("Error: Invalid token");
    }
};

// Help function to generate an IAM policy
var generatePolicy = function(principalId, effect, resource) {
    var authResponse = {};

    authResponse.principalId = principalId;
    if (effect && resource) {
        var policyDocument = {};
        policyDocument.Version = '2012-10-17';
        policyDocument.Statement = [];
        var statementOne = {};
        statementOne.Action = 'execute-api:Invoke';
        statementOne.Effect = effect;
        statementOne.Resource = resource;
        policyDocument.Statement[0] = statementOne;
        authResponse.policyDocument = policyDocument;
    }

    // Optional output with custom properties of the String, Number or Boolean type.
    authResponse.context = {
        "stringKey": "stringval",
        "numberKey": 123,
        "booleanKey": true
    };
    return authResponse;
}
```

(The above sample code is from the web site https://markpollmann.com/lambda-authorizer/)

If I save and test this function by passing an invalid value for authorizationToken, I get the expected result, which is below.

```
Response:
{
  "errorMessage": "Error: Invalid token"
}

Request ID:
"e93567c0-fcbb-4cb1-b0b3-28e9c1b30162"
```

But if I call this API from Postman, by passing the value in the header, I get the following response. I am getting this error for any value in the header, i.e., deny, allow, unauthorized, wrong etc.

```
{
    "message": null
}
```

The status message in Postman shows "500 Internal Server Error". Following is the detail from the header section in Postman.

```
content-length →16
content-type →application/json
date →Fri, 08 Mar 2019 14:07:57 GMT
status →500
x-amz-apigw-id →W89kFDRDoEFxYg=
x-amzn-errortype →AuthorizerConfigurationException
x-amzn-requestid →92f31d11-41ab-11e9-9c36-97d38d96f31b
```

I do not understand why the API is returning the above response and error message, while the Lambda test is working fine.

I have already gone through the following two threads in SO, but the answers/comments couldn't help in my case.

  • AWS API Gateway with custom authorizer returns AuthorizerConfigurationException
  • AWS API Gateway Custom Authorizer AuthorizerConfigurationException

KurioZ7

1 Answer

8

I have understood the reason why I was getting message = null for the invalid input. The default block in the switch case was using parameter "Error: Invalid token" in the callback() method. API Gateway only identifies "Allow", "Deny" and "Unauthorized" as valid values. These values are also case sensitive. If any string values other than these values are passed to the callback() method, then API Gateway will return message=null to the client.

KurioZ7
  • Why is the response not `{message: "Error: Invalid token"}`? – walter_dl Jan 08 '20 at 01:41
  • In my case it was a property in the context returned by the lambda authorizer that had an array as value, and that breaks something in AWS. I'll leave my auth0 forum thread here just in case https://community.auth0.com/t/error-calling-my-external-api/96403 – German Dec 16 '22 at 21:50
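
A fail-closed variant of the authorizer discussed in this thread, added here as an example and not part of the original post or the linked sample: any unrecognised token becomes the exact string `Unauthorized`, and the response shape (exact-case `Effect`, primitive-only `context` values) is checked before it is returned. The helper names `validateAuthorizerResponse`, `buildPolicy` and `authorize` are assumptions made for illustration.

```javascript
// Added example, not code from the original post. Helper names are hypothetical.
// Returns the list of problems that would make API Gateway reject the response.
function validateAuthorizerResponse(res) {
  const problems = [];
  if (!res || typeof res.principalId !== 'string' || !res.principalId) {
    problems.push('principalId missing');
  }
  const stmts = res && res.policyDocument && res.policyDocument.Statement;
  if (!Array.isArray(stmts) || stmts.length === 0) {
    problems.push('policyDocument.Statement missing');
  } else {
    stmts.forEach((s, i) => {
      if (s.Effect !== 'Allow' && s.Effect !== 'Deny') {
        problems.push(`Statement[${i}].Effect must be exactly Allow or Deny`);
      }
    });
  }
  // Context values may only be String, Number or Boolean; no arrays or objects.
  for (const [key, value] of Object.entries((res && res.context) || {})) {
    if (!['string', 'number', 'boolean'].includes(typeof value)) {
      problems.push(`context.${key} must be a string, number or boolean`);
    }
  }
  return problems;
}

function buildPolicy(principalId, effect, resource, context) {
  const Statement = [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }];
  return { principalId, policyDocument: { Version: '2012-10-17', Statement }, context };
}

// Fail closed: anything that is not an explicit allow/deny yields the exact
// string "Unauthorized" (401) rather than a free-form error message (500).
function authorize(event, context = {}) {
  const token = String(event.authorizationToken || '').toLowerCase();
  if (token !== 'allow' && token !== 'deny') return { error: 'Unauthorized' };
  const effect = token === 'allow' ? 'Allow' : 'Deny';
  const response = buildPolicy('user', effect, event.methodArn, context);
  const problems = validateAuthorizerResponse(response);
  if (problems.length > 0) {
    console.error('authorizer response rejected:', problems);
    return { error: 'Unauthorized' };
  }
  return { response };
}

const handler = (event, ctx, callback) => {
  const result = authorize(event);
  callback(result.error || null, result.response);
};
if (typeof module !== 'undefined') module.exports = { handler };
```

Running `validateAuthorizerResponse` in a unit test catches a malformed policy or a non-primitive context value before deployment, where it would otherwise surface only as an `AuthorizerConfigurationException`.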