amazon-web-services aws-lambda aws-api-gateway

API-gateway multiple identity sources


I'm trying to set up an authorizer with API-gateway. I want it to get triggered when the foo header is passed in or when the bar header is passed in.

Right now, from the documentation, it seems that if I specify both foo and bar as identity sources, both need to be present.

The only workaround for this which I found is to use no identity sources, but then we are not able to use caching since identity sources are needed.


Solution

  • I have experienced the same problem and come to the same conclusion.

    If you want to have multiple headers as identity sources for a lambda authorizer, both must be present for all requests.

    From the AWS documentation:

    API Gateway uses the specified identity sources as the request authorizer caching key. When caching is enabled, API Gateway calls the authorizer's Lambda function only after successfully verifying that all the specified identity sources are present at runtime. If a specified identity source is missing, null, or empty, API Gateway returns a 401 Unauthorized response without calling the authorizer Lambda function.

    Unfortunately this means that if you want to allow different individual headers for a lambda authorizer, you are unable to use caching.
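The workaround discussed above, as an added example that is not part of the original question or answer: a REQUEST-type Lambda authorizer for a REST API configured with no identity sources and caching disabled, so the function itself must reject requests that carry neither header. The header names `foo` and `bar` come from the question; the secrets, principal names and helper names are constructed for illustration.

```python
import hmac

# Constructed sample credentials (assumption); a real authorizer would verify
# a signed token or look the value up in a secret store.
ACCEPTED = {"foo": "foo-sample-secret", "bar": "bar-sample-secret"}


def pick_credential(headers):
    """Return (name, value) for the first accepted header that is present and non-empty."""
    # Clients may send any header casing, so match case-insensitively.
    lowered = {k.lower(): v for k, v in (headers or {}).items()}
    for name in ACCEPTED:
        value = lowered.get(name)
        if value:
            return name, value
    return None


def build_policy(principal, effect, resource):
    """Build the IAM policy document a Lambda authorizer must return."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": resource,
            }],
        },
    }


def handler(event, context):
    found = pick_credential(event.get("headers"))
    if found is None:
        # Without identity sources API Gateway no longer returns 401 on its
        # own; raising exactly "Unauthorized" makes it respond with 401.
        raise Exception("Unauthorized")
    name, value = found
    # Constant-time comparison avoids leaking the secret through timing.
    ok = hmac.compare_digest(value.encode(), ACCEPTED[name].encode())
    return build_policy(f"{name}-caller", "Allow" if ok else "Deny", event["methodArn"])
```

Because caching is off, this function runs on every request, so keep the validation path cheap.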