aws-sam-cli: sam local start-api Missing Authentication Token for root path '/'
Description:
When I run sam local start-api -s public/
and try to access my endpoint, I receive a Missing Authentication Token
in the browser. This same code runs fine when deployed to lambda, and correctly exposes my endpoint without auth required.
FOO:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub ${AWS::StackName}-FOO
CodeUri: ./target
Handler: foo
Runtime: go1.x
Tracing: Active
Events:
CatchAll:
Type: Api
Properties:
Path: "/{proxy+}"
Method: ANY
Observed result:
Missing Authentication Token
Expected result:
My API is exposed without auth.
Additional environment details (Ex: Windows, Mac, Amazon Linux etc)
macOS
Output of sam --version
:
SAM CLI, version 0.3.0
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Reactions: 46
- Comments: 28 (8 by maintainers)
By adding a root endpoint and another separate proxy endpoint to the SAM template I was able to get it to work:
It seems like this convention of configuring multiple events for the same handler is done this way in other frameworks such as Zappa and Serverless (see the serverless.yml from this link).
Starting from scratch for debug:
Attempting to access http://127.0.0.1:3000/ I see
Missing Authentication Token
(with no endpoint mapped there) Attempting to access http://127.0.0.1:3000/hello it works as expected.Changing the
HelloWorldFunction
to use/{proxy+}
:Now when I access http://127.0.0.1:3000/anythinghere it continues to work as expected… so I don’t think that is my issue.
Edit: Digging a little deeper… it looks like even if I explicitly set the path to
Path: "/"
I get the sameMissing Authentication Token
when trying to access it. I wonder if that is somehow playing into this issue, even when trying to proxy it?Edit2: Additional context, using https://github.com/gorilla/mux + https://github.com/awslabs/aws-lambda-go-api-proxy internally. When I set the path to
Path: "/example"
in my main project, that 1 endpoint works properly and doesn’t produceMissing Authentication Token
. When it is set to proxy though, my code never even gets reached/started. If I set my project toPath: "/a/{proxy+}"
and try to access any of the URLs, my code starts correctly (then gets a 404 because that route doesn’t exist)@amcp I’m seeing the opposite;
GET
works fine, whilePOST
yields this error. None of my paths are/
, i.e. I’mGET
ting andPOST
ing to e.g./foo
and/bar
.Windows 10, SAM CLI version 0.7.0.
Well in fairness, they have done ALOT of work and if I had to pick, I’d say I appreciate the effort being able to run Ruby on Lambda and other things vs something I can hack locally that is not an issue when deployed. That said, would be nice to see fixed.
I’m experiencing the same. Using SAM local
POST
works fine, butGET
returns the “missing authentication token” on all catch-all routes, unless I add the first part of the route into thetemplate.yaml
config.eg:
using
path: /{proxy+}
,method: ANY
GET
/api/books
, and/api/books/[id]
returnsmissing authentication token
whereas using
path: /api/{proxy+}
,method: ANY
GET
/api/books
, and/api/books/[id]
work as expectedBoth configurations appear to work normally once deployed to the cloud.
I think this is going to become more prevalent as an issue now the runtime API has opened new languages and frameworks up to Lambda, and more people are going to get on-board with developing serverless functions locally, expecting their chosen language / framework to handle routing for them.
MacOS, SAM CLI version 0.8.1
I am getting this issue only on GET calls. POST works fine.
CONFIRMED! Setting
static_url_path=None
inlocal_apigw_service.py
does allow/{proxy+}
to work. I have confirmed with Flask that these two options are incompatible. I think it is important that local development allow root proxy and serving static files from root needs to be re-considered. What do other’s think?