SAM Local doesn't appear to be running Authorizer functions

Asked 23/8, 2019 at 20:16 Answered 18/4, 2023 at 13:45

I've just gotten started using SAM Local, but am coming up againast an issue when trying to configure an Authorizer function for my endpoints.

I've been looking at the main SAM documentation for how to set up the Auth functions, but whenever I try to run the API locally with sam local start-api, it runs fine, but as if it's not even trying to run the auth functions.

I've tried defining the Auth in both the Global.API as well as defining an API resource in the Resources section of SAM's template.yaml

# template.yaml
Globals:
  Function:
    Timeout: 3
    CodeUri: src/
    Runtime: nodejs8.10
  Api:
    Auth:                        # Option #1: Defining it globally
      DefaultAuthorizer: CustomJWTAuthorizer
      Authorizers:
        CustomJWTAuthorizer:
          FunctionArn: !GetAtt AuthFunction.Arn    
Resources:
  UserApi:
    Auth:                        # Option #2: Defining it as an API resource
      Authorizers:
        MyLambdaTokenAuth:
          FunctionPayloadType: TOKEN
          FunctionArn: !GetAtt AuthFunction.Arn
      DefaultAuthorizer: MyLambdaTokenAuth
  GetUserFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: handler.getUser
      Events:
        GetUser:
          Type: Api
          Properties:
            Path: /users/{userId}
            Method: get
            Auth:                    # Option #3: Define it on the function level
              Authorizer: AuthFunction
            RestApiId:
                Ref: UserApi
  AuthFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: handler.authorize

I've tried printing out the event to the console, and can see that event.requestContext is just being populated with dummy data rather than being passed it if it were pushed live:

  // console.log(event)

  ...  
  resource: '/users/{userId}', 
  requestContext:     { resourceId: '123456',
     apiId: '1234567890',
     resourcePath: '/users/{userId}',
     httpMethod: 'GET',
     requestId: 'c6af9ac6-7b61-11e6-9a41-93e8deadbeef',
     accountId: '123456789012',
     stage: null,
     identity: 
      { apiKey: null,
        userArn: null,
        cognitoAuthenticationType: null,
        caller: null,
        userAgent: 'Custom User Agent String',
        user: null,
        cognitoIdentityPoolId: null,
        cognitoAuthenticationProvider: null,
        sourceIp: '127.0.0.1',
        accountId: null },
   extendedRequestId: null,
   path: '/users/{userId}' },
   ...

Perrone answered 23/8, 2019 at 20:16 Comment(1)

Hey, SAM already supported this. I have a working example github.com/Willis0826/sam-local-authorizer-example Feel free to take a look. – Trix 13/8, 2023 at 10:13

Edit: SAM Local nowadays supports Authorizers. As this is the accepted answer I unfortunately can't delete it. For details please check and upvote the answer below.

Unfortunately the AWS SAM CLI doesn't support authorizers yet when running code locally. However there is an open feature request to add support for it: https://github.com/awslabs/aws-sam-cli/issues/137.

Noam answered 23/8, 2019 at 20:29 Comment(1)

This is now supported stackoverflow.com/a/76045378 – Comanchean 20/10, 2023 at 15:30

As of April 18th 2023, it's supported in version v1.80.0 https://github.com/aws/aws-sam-cli/releases/tag/v1.80.0

Esprit answered 18/4, 2023 at 13:45 Comment(0)

-1

SAM doesn't support custom authorizers when you run locally now (SAM version 0.48). So you can't test it by using "sam local start-api".

But it supports in SAM YAML template and you can use SAM CLI to build and deploy custom authorizers to you AWS cloud Api Gateway. It can work well if your YAML setup is correct.

Decolonize answered 12/5, 2020 at 17:53 Comment(0)

Recommended topics

Hot tags