aws-api-gatewaycustom-authentication
AWS API Gateway custom Authorizer strange showing error
Here is the context:
- I set up a resource in the API gateway. /user/company
- This resource have 2 methods. Get and POST.
- I have configured a custom Authorizer for this resource.
The problem:
- I can call the GET method by sending right authorization information and I get the results as expected.
- I try to send a POST request and I get the following error:
{
"message": "User is not authorized to access this resource"
}- If I wait for few minutes, then call the POST method, it will work.
- If after calling the POST method and getting the results I call GET method, it will show the same error as mentioned above.
In addition, I have disabled cache for the authorizer.
What might have caused this issue?
Solution
This could be fixed in two ways that are described in buggy's answer: https://forum.serverless.com/t/rest-api-with-custom-authorizer-how-are-you-dealing-with-authorization-and-policy-cache/3310
Short version:
- Set custom authorizer policy resource as "*"
- Or (if you are ok with no caching) set TTL for custom authorizer to 0
See the answer by Michael for more details
- Cannot parse API request body in Lambda
- PUT call not working for s3 bucket using a AWS GATEWAY api?
- API Gateway cares about my Authorization header when it shouldn't
- aws api gateway whitelist reactjs app ip address
- how does missing data work in cloudwatch alarm?
- API Gateway Custom Authorizer: Control error message and code
- AWS API Gateway limit beyond 29 seconds - not being respected?
- Is it possible to use wildcards or catch-all paths in AWS API Gateway
- AWS Cognito network traffic flow related question
- Adding request validator to API Gateway using AWS CDK
- CDK API Gateway Lambda still getting timed out after increasing timeout duration
- In AWS API Gateway, can method level limits for a specific end point exceed stage level limit?
- Why does API Gateway not pass through the request path parameters in proxy mode?
- 403 on Options request within SAM local invoke, but not when deployed?
- How to integrate the lambdas uris in the AWS API Gateway Specification YAML?
- Can an AWS Lambda function call another
- Understanding AWS API Gateway Custom Domain Names
- How to Use Stage Variables for connection_id in aws_api_gateway_integration with Terraform?
- Proper Principal ID Value for API Gateway Custom Authorizer via Lambda?
- How to enable CORS with AWS SAM
- How to add non authenticated routes in AWS SAM template
- How to Use Cognito Identity Pool with Unauthenticated Users in Amplify v6 for API Gateway Access
- AWS Lambda parameter passing error | API Gateway
- Is there a way to assign a Static IP to a AWS Lambda without VPC?
- API Gateway with no auth setting keeps returning Missing Authentication Token to Postman
- Issue with slashes for Integrating API Gateway with CloudSearch
- Turn off (Disable) individual API in API Gateway temporarily without Deleting?
- Customize response from AWS API Gateway integrated to SQS
- Unable to resolve " not a valid key=value pair (missing equal-sign) in Authorization header" when POSTing to api gateway
- API Gateway V2 private integration to application load balancer always returns 503