[colanderman]

I wish they'd focus on implementing basic HTTP support.

* you can't serve non-UTF8 content

* HEAD is totally broken (you can't set Content-Length)

* custom authorizers are useless with 3rd-party clients since you can't set WWW-Authenticate

* 100 Continue is blindly sent before checking auth

And then if they could get around to writing an actual reference document rather than the rambling stream-of-consciousness narratives they have currently, then maybe I'll be able to learn what the heck an "Integration Request" is and what syntax custom authorizers are supposed to return.

[ak217]

I agree, especially regarding the documentation. I was trying not to be too negative, but using Lambda is an exercise in frustration because of API Gateway.

I hope they hook up the new ALB service as an option for a Lambda proxy.

[colanderman]

Personally I wouldn't care so much if they called it "AWS Gateway Beta" or something. That its limitations aren't advertised, leading me to waste time trying to figure out what I was doing "wrong", is what frustrates me.

[x_foo_x]

I use a custom authorizer with Auth0 and it works fine. I guess some systems still use Basic Auth though.

[colanderman]

WWW-Authenticate is a requirement of HTTP itself, not Basic Auth. Returning 401 without this header (which API Gateway does) violates RFC 7235. It is the means by which HTTP negotiates an authentication protocol; without it, there is no way for authentication to proceed except by guessing.