The screenshot below shows 2 subsequent calls to my API. The first call works as expected, while the second returns 403, even though it uses the same exact JWT in the Authorization header.
The execution log for the first call looks like this (I highlighted the token):
The execution log for the second call looks like this (token highlighted again):
And finally, the log from my Authorizer method looks like this (you'll notice it is only called once):
Any pointers? Is it a caching issue with the policy? Something else that pops out?
Found the problem. As described here, the policy returned from the authorizer is cached. That doesn't play well with the fact I was giving access to the specific resource requested - it means the cached policy was only allowing access to the first method I called.
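As an added illustration (my code, not the poster's): the policy built from the exact methodArn, as in the question, beside one scoped to everything the caller is entitled to within the same API stage, so the cached result stays valid for later calls with the same token. `policy_allows` is a hypothetical stand-in for how API Gateway evaluates the cached policy, and the ARNs and routes are constructed.

```python
import fnmatch
from typing import Dict, List, Tuple

Policy = Dict[str, object]


def build_policy(principal_id: str, effect: str, resources: List[str]) -> Policy:
    """Authorizer response in the shape API Gateway expects."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resources}
            ],
        },
    }


def narrow_policy(principal_id: str, method_arn: str) -> Policy:
    """The pattern from the question: allow only the method being invoked right now.
    Once API Gateway caches this under the token, every other method gets a 403."""
    return build_policy(principal_id, "Allow", [method_arn])


def cache_safe_policy(principal_id: str, method_arn: str,
                      allowed_routes: List[Tuple[str, str]]) -> Policy:
    """Allow every (verb, path) the principal is entitled to within the same API and
    stage, so the cached policy is correct for any later call that reuses the token.
    methodArn format: arn:aws:execute-api:<region>:<account>:<apiId>/<stage>/<verb>/<path>
    (allowed_routes is a constructed entitlement list; look it up per caller in practice)."""
    api_prefix, rest = method_arn.split("/", 1)
    stage = rest.split("/", 1)[0]
    resources = [f"{api_prefix}/{stage}/{verb}/{path}" for verb, path in allowed_routes]
    return build_policy(principal_id, "Allow", resources)


def policy_allows(policy: Policy, method_arn: str) -> bool:
    """Hypothetical stand-in for API Gateway evaluating a cached policy on a later
    request: an explicit Deny wins, otherwise any Allow whose Resource matches the
    invoked methodArn ('*' wildcards) grants access."""
    statements = policy["policyDocument"]["Statement"]
    for stmt in statements:
        if stmt["Effect"] == "Deny" and any(fnmatch.fnmatchcase(method_arn, r) for r in stmt["Resource"]):
            return False
    return any(stmt["Effect"] == "Allow" and fnmatch.fnmatchcase(method_arn, r)
               for stmt in statements for r in stmt["Resource"])
```

The other option is to set the authorizer's result TTL to 0, which disables caching at the cost of invoking the authorizer on every request.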