Adding Authorized Paths in Zappa_settings

[kyeljmd]

There are scenarios where we will implement or utilize an authorizer, however there are times when we would want certain paths to be accessed without any authorization such as a login endpoint

[scoates]

Is there a way to do this from the AWS side? My experience is that the authorizer is per-API Gateway endpoint, and the way proxy+ works, this means one endpoint per gateway/stage, so it's all-or-none.

There's an issue to add support for the REQUEST type, which might help with this, but that isn't (or at least wasn't) supported by CFN.

[kyeljmd]

It is indeed all or none, however, the intent of this request is there are APIs that you would want to expose without authorization such as a login endpoint. It is also unnecessary to create another API gateway for publicly available apis or endpoints. unless there is a workaround for such requirement please do let me know

[scoates]

I just don't know how you'd go about implementing this within Zappa.
We've (me, not Zappa) implemented mixed-mode authentication like this this without using an Authorizer, given the all-or-none nature (we did authentication in app-space).

One other method is to manually manage base paths in a Custom Domain Name to point to different lambdas, or even use different hostnames for different lambdas, but that gets messier than I think we'd like Zappa's scope to creep.

Within one Zappa app/deployment, there's not an internal way I know of to make some routes hit the Authorizer and some bypass.

Related: #1423

[epicfaace]

So how does Chalice manage to do this? (letting you specify an authorizer for each method)

[ayanguha]

Any update on this? I think serverless does that too, it is absolutely possible using AWS Portal. Is it something of a shortcoming of Zappa?