Generate generic method policy for API Gateway #8

Open
wants to merge 1 commit into
base: master

valeriomazzeo

This pull request allows the authorizer to be cached and reused with different methods. Perhaps it would be good to add some sort of configuration and document such a feature.

Per API Gateway documentation (https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html):

> ...
> Note
> To enable caching, your authorizer must return a policy that is applicable to all methods across an API. To enforce method-specific policy, you can set the TTL value to zero to disable policy caching for the API.
> ...

@chaseconey

This actually breaks the current walkthrough on the Auth0 guide located here. It calls for a TTL of 3600 in the setup using this lambda. Highly recommend we either add this PR or update the walkthrough.

@omichowdhury

omichowdhury commented Feb 4, 2020

If anyone else is seeing good tokens seemingly randomly not being accepted by API Gateway and your authorizer not even being called, I may have an answer for you. The symptom is that the first API call you make works, and continues to work, but any other method or endpoint doesn't.

See this link that explains why:
https://forums.aws.amazon.com/thread.jspa?threadID=225934

The fix is to make the changes in this PR to your authorizer and enable the authorizer cache - OR don't make this change and disable caching.

@auth0 - please merge and make it the default
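The caching behaviour described in the pull request description and in the comment above, as an added example that is not part of this thread or the project's code: it models the authorizer cache in simplified form and compares a method-specific policy with a generic one. The function names, token, account ID and API ID are constructed for illustration.

```javascript
// Added example: hypothetical helper names; ARNs and tokens are constructed.
// methodArn: arn:aws:execute-api:{region}:{account}:{apiId}/{stage}/{verb}/{path}
function genericResource(methodArn) {
  const [arnPrefix, stage] = methodArn.split('/');
  if (!arnPrefix.startsWith('arn:aws:execute-api:') || !stage) {
    throw new Error('unexpected methodArn: ' + methodArn);
  }
  return `${arnPrefix}/${stage}/*/*`; // every verb and path in this stage
}

function buildPolicy(principalId, resource) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: 'Allow', Resource: resource }],
    },
  };
}

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Simplified model of policy evaluation: '*' in Resource matches any characters.
function allows(policy, methodArn) {
  return policy.policyDocument.Statement.some((s) => {
    const pattern = s.Resource.split('*').map(escapeRe).join('.*');
    return s.Effect === 'Allow' && new RegExp(`^${pattern}$`).test(methodArn);
  });
}

// Simplified model of the authorizer cache: one policy per token within the TTL.
// On a cache hit the authorizer is skipped and the cached policy is evaluated.
function simulate(makeResource, calls) {
  const cache = new Map();
  let authorizerInvocations = 0;
  const results = calls.map(({ token, methodArn }) => {
    if (!cache.has(token)) {
      authorizerInvocations += 1;
      cache.set(token, buildPolicy('user|constructed', makeResource(methodArn)));
    }
    return allows(cache.get(token), methodArn);
  });
  return { results, authorizerInvocations };
}

const base = 'arn:aws:execute-api:us-east-1:123456789012:abc123/prod';
const calls = ['GET', 'POST'].map((verb) => ({ token: 't1', methodArn: `${base}/${verb}/orders` }));
const methodSpecific = simulate((arn) => arn, calls); // GET allowed, POST denied
const generic = simulate(genericResource, calls); // both allowed
console.log(methodSpecific.results, generic.results);
```

With the generic resource, a cached Allow covers every method and path in the stage for that token until the TTL expires, so any per-route restriction has to be written into the policy statements themselves.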

patrick-webs added a commit to websdotcom/jwt-rsa-aws-custom-authorizer that referenced this pull request May 13, 2020
@icampana

I was having the exact same issue: my calls were working at first as long as they were GET calls; as soon as it switched to a POST, they would end up not being "Authorized".

Applied this patch and everything was working, so I can confirm that this is still happening.

@Aaronius

Aaronius commented Aug 5, 2022

I would love to see this merged!
