
Security News
ECMAScript 2025 Finalized with Iterator Helpers, Set Methods, RegExp.escape, and More
ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.
serverless-offline-local-auth-plugin
Advanced tools
Forked from: [serverless-offline-auth-plugin](https://github.com/nlang/serverless-offline-local-authorizers-plugin).
Forked from: serverless-offline-auth-plugin.
Serverless plugin for adding authorizers when developing and testing functions locally with serverless-offline.
This plugin allows you to add local authorizer functions to your serverless projects. These authorizers
are added dynamically in a way they can be called by serverless-offline
but don't interfer with your
deployment and your shared authorizer functions. This helps when you have shared API Gateway authorizers
and developing and testing locally with serverless-offline
.
:warning: If you are using this plugin and get schema validation errors: Please check indentation of
localAuthorizer:
config property! See example below...
Installing using npm:
npm i serverless-offline-local-auth-plugin --save-dev
Add the plugin to the plugins sections in serverless.yml
or your serverless.ts
file.
plugins:
- serverless-offline-local-auth-plugin # <-- this should be loaded before serverless-offline as it uses offline's hook
- serverless-offline
With this plugin there are 2 ways to use this.
Use explicit authorization handler
Please refers to original repo usage
Explicitly define your authorizer functions in a file called local-authorizers.js
and put it into your
project root (that's where your serverless.yml
lives). (The filename is hardcoded into plugin.)
If you want the local function to call your deployed shared authorizer it could look something like this:
const AWS = require("aws-sdk");
const mylocalAuthProxyFn = async (event, context) => {
const lambda = new AWS.Lambda();
const result = await lambda.invoke({
FunctionName: "my-shared-lambda-authorizer",
InvocationType: "RequestResponse",
Payload: JSON.stringify(event),
}).promise();
if (result.StatusCode === 200) {
return JSON.parse(result.Payload);
}
throw Error("Authorizer error");
};
module.exports = { mylocalAuthProxyFn };
Of course you could also just return a mocked response, call Cognito to mock your Cognito Authorizer or whatever suits your needs. You can also define multiple authorizer functions if you need to. Please, see the example for the actual codes.
Now in your serverless.yml
, add the localAuthorizer
property to your http events. This will not interfere
with your "real" authorizers and will be ignored upon deployment.
functions:
myFunction:
handler: myFunction.handler
events:
- http:
path: /my/api/path
method: GET
authorizer:
type: CUSTOM
authorizerId: abcjfk
localAuthorizer:
name: "mylocalAuthProxyFn" # <-- the lambda name you have exported in your local-authorizers.js
type: "request"
Use a plugin to generate the proxy handler to proxy it to your target serverless-offline lambda
What you need
Go ahead to your serverless file.
Specify:
custom:
serverless-offline-local-auth:
lambdaEndpoint: 'http://127.0.0.1:10000' # if you are running on separate lambda
lambdaAuthFnName: 'myLambdaFunctionName' # the lambda function to proxy to
lambdaVersion: 'v3' # the code generate supports both v2 and v3 (v3 is default)
functions:
myFunction:
handler: myFunction.handler
events:
- http:
path: /my/api/path
method: GET
authorizer:
type: CUSTOM
authorizerId: abcjfk
localAuthorizer:
name: "autoLocalAuthProxy" # <- specific the auto generated function name here
type: "request"
Fire up serverless offline normally with start option:
$ sls offline start --stage dev --region eu-central-1
[ ] make the localAuthroizer.name
optional.
[ ] Simple example (explicit handler).
[ ] Example for simple proxy (configured with same serverless)
[ ] Example for complex proxy (configured with separate serverless).
[ ] Publish pipeline
MIT
FAQs
Forked from: [serverless-offline-auth-plugin](https://github.com/nlang/serverless-offline-local-authorizers-plugin).
The npm package serverless-offline-local-auth-plugin receives a total of 161 weekly downloads. As such, serverless-offline-local-auth-plugin popularity was classified as not popular.
We found that serverless-offline-local-auth-plugin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.
Security News
A new Node.js homepage button linking to paid support for EOL versions has sparked a heated discussion among contributors and the wider community.
Research
North Korean threat actors linked to the Contagious Interview campaign return with 35 new malicious npm packages using a stealthy multi-stage malware loader.