Problem with Custom Authorizers

[justjoeyuk]

I'm trying to implement a custom authorizer and so far, it has gone very well and it's all working perfectly fine.

However, the one major issue I am having is that I cannot return a custom error message if the authenticator fails. I am having the return the following for every error at the moment:

return &events.APIGatewayCustomAuthorizerResponse{}, errors.New("Unauthorized").

If I try any other error message, I get {"message": null} as the response on my client. Is there any way to customize this error message (preferably without using the AWS console as I'd like it to be automated)?

[piotrkubisa]

You can specify response using Gateway Response which you can find it in the AWS Web Console or CloudFormation as a AWS::ApiGateway::GatewayResponse (1). It is worth noting, that after any changes you made to definition of the API you need to create a Deployment (Resources > Actions > Deploy API in Web Console UI) to apply them.

[camilosampedro]

Just if anyone is facing this same issue:

The way I handled it at the end was creating a AWS::ApiGateway::GatewayResponse with ACCESS_DENIED response type. In there I used {"message": $context.authorized.someProperty} which is read from your policy object:

authResponse := events.APIGatewayCustomAuthorizerResponse{PrincipalID: principalID}
// ...
authResponse.Context = make(map[string]interface{})
authResponse.Context["someProperty"] = "Your custom message"