Feature Request: API Gateway Authorizer support in SAM Local

[azcdev]

I'm using the tool to spin up locally an API gateway and run my lambda functions. However, I don't know how to configure an authorizer in template.yml

In my template.yml file, I have the following configuration:

JwtAuthorizerFunction:
    Type: AWS::Serverless::Function
    Properties:
      Environment:
        Variables:
          JWT_SECRET: '<<secret>>'
      Handler: authorizers.jwt
      Runtime: nodejs6.10
      Role:
        Fn::ImportValue:
          !Join ['-', [!Ref 'ProjectId', !Ref 'AWS::Region', 'LambdaTrustRole']]

If I understand the authorizers documentation correctly, I should be able to add the following configurations in order to configure my authorizer

Authorizer: 
  Type: "AWS::ApiGateway::Authorizer"
  Properties: 
    AuthorizerCredentials: 
      Fn::GetAtt: 
        - "LambdaInvocationRole"
        - "Arn"
    AuthorizerResultTtlInSeconds: "300"
    AuthorizerUri: "arn:aws:lambda:us-east-1:<<myarn>>:function:<<lambda function arn>>"
    Type: "TOKEN"
    IdentitySource: "method.request.header.Authorization" 
    Name: "DefaultAuthorizer"
    RestApiId: 
      Ref: "RestApi"

Everything up until that point works fine. If I run
sam validate the output is Valid!
sam local start-api executes without a problem.

However, I don't know how to configure the custom authorizer in my lambda functions. I've read the AWS::Serverless::Function documentation but I couldn't find anything relevant to my issue. Furthermore, there are two issues about adding support for AuthorizationType to the API but it's unclear whether this support will ever be added, or if it has been added already.

Any help pointing in the right direction is greatly appreciated!

[PaulMaddox]

Hi @alanchavez88,

Currently configuring a custom authorizer isn't supported when running locally with SAM Local.

I'll leave this issue open as a feature request for our backlog.

Thanks

[azcdev]

Thanks @PaulMaddox for the response!

If I understand the model correctly, it shouldn't matter if my custom authorizer does not run locally, right? In AWS, only authorized requests can trigger the lambda function, correct?

[sanathkr]

Yes, an authorization request should trigger the Lambda in AWS cloud

I'm wondering how I may use a Cognito Authorizer, is there sample for that? I've gone through all the 5 samples of SAM template.ymls on the internet and am not able to see how I may do so.

Should I just rely on the swagger export? I am migrating an existing hand-build API Gateway to SAM. Thanks for help!

[bradwoods]

I'm also looking for examples of how to integrate a Cognito Authorizer with lambdas made via SAM templates.

[mohithg]

This is a good to have feature in SAM Local, so we can test the authorization functions before deploying

[sujithsnair86]

Hi is there a resolution yet for including Custom Authoriser lambda over SAM template itself or is this still a feature request AWS SAM Team is working on?

[ThomasSmWatson]

My database url will not work as it contains '=' and other special characters, int he env variables.
How would I get around this? This is a reliant to my company

[gregaeq]

Interested in this feature as well. Attempting to use sam-local to auth with Cognito before making subsequent requests.

[kanchen]

Same here. Anyone knows the timeline to support SAM local custom authorizer ?