JoelC

05/08/2022, 4:20 PM
Does lambda authorizer work with HTTP API gateway?

rp

05/08/2022, 4:22 PM
Yes. It should

JoelC

05/08/2022, 4:24 PM
Any setting I should set to make it work like REST API gateway?

rp

05/08/2022, 4:25 PM
perhaps @nkshah2 can help with this.

JoelC

05/08/2022, 4:26 PM
I'm using SST to create the stack to expose the auth API and an authorizer lambda to verify the session.

rp

05/08/2022, 4:33 PM
@JoelC did you get it to work? I think you messaged you did. But then deleted it?

JoelC

05/08/2022, 4:34 PM
er...no, still 401 error

rp

05/08/2022, 4:34 PM
Hmm. Can you enable debug logs and send the output?
You can see the troubleshooting section for how to enable logs

JoelC

05/08/2022, 5:03 PM
```
2022-05-08T17:00:45.000Z com.supertokens {t: "2022-05-08T17:00:44.978Z", message: "framework: awsLambda", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:45.017Z com.supertokens {t: "2022-05-08T17:00:45.002Z", message: "session init: antiCsrf: NONE", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:45.029Z com.supertokens {t: "2022-05-08T17:00:45.017Z", message: "session init: cookieDomain: undefined", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:45.042Z com.supertokens {t: "2022-05-08T17:00:45.029Z", message: "session init: cookieSameSite: lax", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:45.056Z com.supertokens {t: "2022-05-08T17:00:45.042Z", message: "session init: cookieSecure: false", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:45.080Z com.supertokens {t: "2022-05-08T17:00:45.056Z", message: "session init: refreshTokenPath: /dev/auth/session/refresh", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:45.091Z com.supertokens {t: "2022-05-08T17:00:45.080Z", message: "session init: sessionExpiredStatusCode: 401", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:45.113Z com.supertokens {t: "2022-05-08T17:00:45.099Z", message: "middleware: Started", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:45.127Z com.supertokens {t: "2022-05-08T17:00:45.113Z", message: "middleware: requestRID is: undefined", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:45.144Z com.supertokens {t: "2022-05-08T17:00:45.127Z", message: "middleware: Checking recipe ID for match: emailpassword", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:45.168Z com.supertokens {t: "2022-05-08T17:00:45.145Z", message: "middleware: Request being handled by recipe. ID is: /signin", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:46.373Z com.supertokens {t: "2022-05-08T17:00:46.330Z", message: "Sending response to client with status code: 200", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:00:46.397Z com.supertokens {t: "2022-05-08T17:00:46.373Z", message: "middleware: Ended", file: "null" sdkVer: "9.2.0"}
```

rp

05/08/2022, 5:04 PM
So do you get back cookies after the signin call?

JoelC

05/08/2022, 5:04 PM
yes
When I call a protected route such as /role, nothing shows up but only
```
{
  "message": "Unauthorized"
}
```

rp

05/08/2022, 5:05 PM
No output log?

JoelC

05/08/2022, 5:07 PM
Yes, no log..

rp

05/08/2022, 5:09 PM

JoelC

05/08/2022, 5:12 PM
Yes, I copied the exact authorizer and auth to 2 lambda functions. My SST stack setup:
```ts
import { StackContext, Api, Function } from "@serverless-stack/resources";

export function CoreStack({ stack }: StackContext) {
  const authHandler = new Function(stack, "Authorizer", {
    handler: "authorizer/authorizer.handler"
  })

  const api = new Api(stack, "api", {
    authorizers: {
      Authorizer: {
        type: "lambda",
        name: 'SuperCasbinAuthorizer',
        function: authHandler,
        responseTypes: ['iam'],
        resultsCacheTtl: '0 second'
      }
    },
    defaults: {
      authorizer: "Authorizer",
    },
    cors: {
      allowCredentials: true,
      allowMethods: ['OPTIONS','POST','GET','PUT','DELETE'],
      allowHeaders: ["rid","fdi-version","anti-csrf"],
      allowOrigins: ['http://localhost:3000']
    },
    routes: {
      'ANY /auth/{proxy+}': {
        type: "function",
        function: "authorizer/auth.handler",
        authorizer: "none",
      },
      "ANY /role": "role/functions/lambda.handler"
    },
  });

  stack.addOutputs({ApiUrl: api.url});
}
```

rp

05/08/2022, 5:13 PM
Ok. Is the Session.getSession function being called on the route you are trying to query? You can add a console log right before the getSession function call and see if it gets printed out

JoelC

05/08/2022, 5:21 PM
The protected route /role just simply returns a string. And I added a log to the authorizer handler before the getSession call, but nothing printed out. From my understanding, when a request is sent to API gateway, it would call the authorizer function before getting through to the lambda.

rp

05/08/2022, 5:22 PM
Yes it should. If you have configured it correctly
Can you double check that you have followed all the instructions mentioned on the link I had sent above?

JoelC

05/08/2022, 5:41 PM
OK, after I removed the identity source, the authorizer gets called now.

rp

05/08/2022, 5:41 PM
Ok great. So what are the output logs?

JoelC

05/08/2022, 5:42 PM
But I cannot set "Lambda Event Payload" to Request since HTTP API gateway seems not to support that.
```
2022-05-08T17:40:09.404Z com.supertokens {t: "2022-05-08T17:40:09.389Z", message: "getSession: Started", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:40:09.419Z com.supertokens {t: "2022-05-08T17:40:09.405Z", message: "getSession: rid in header: false", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:40:09.437Z com.supertokens {t: "2022-05-08T17:40:09.419Z", message: "getSession: request method: get", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:40:09.466Z com.supertokens {t: "2022-05-08T17:40:09.437Z", message: "getSession: Value of doAntiCsrfCheck is: false", file: "null" sdkVer: "9.2.0"}
2022-05-08T17:40:09.833Z com.supertokens {t: "2022-05-08T17:40:09.804Z", message: "getSession: Success!", file: "null" sdkVer: "9.2.0"}
```

rp

05/08/2022, 5:43 PM
Ok so getSession function call is succeeding
Hmmm
I’ll have to look into that then.
I thought it did. Maybe I misremembered or something

nkshah2

05/09/2022, 3:14 AM
@JoelC this is a mistake on our part, the documentation should be clearer. To use lambda authorisers you should use REST. For the HTTP gateway you can use JWT authorisers instead.

JoelC

05/10/2022, 8:19 AM
Thanks, I'm still evaluating which one is good for our infrastructure.

rp

05/10/2022, 8:36 AM
Ah right. Okay