Api Authorizer must specify at least one identity even authorization caching is disabled

[respire]

Description

I want to create a request authorizer which performs authentication if Authorization is existed in header. However, when i try to run sam deploy, it occured an error.

Authorizer must specify Identity with at least one of Headers, QueryStrings, StageVariables, or Context

but the official api docs said (identitySource)

When the authorization caching is not enabled, this property is optional.

https://docs.aws.amazon.com/apigateway/api-reference/resource/authorizer/

so I set ReauthorizeEvery to zero so as to disable caching, but it has no effect.

Steps to reproduce

Auth:
      Authorizers:
        MyRequestAuthorizer:
          FunctionPayloadType: REQUEST
          FunctionArn: !GetAtt MyRequestAuthorizerFunction.Arn
          Identity:
            ReauthorizeEvery: 0

Observed result

Authorizer must specify Identity with at least one of Headers, QueryStrings, StageVariables, or Context

Expected result

should be able to create a request authorizer with empty identitySource when caching is disabled
noted that i can remove all the identitySources under api gateway dashboard.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

SAM CLI, version 0.44.0
macos 10.15.3

[Elliot128]

I am running into this issue as well. Did you ever get a workaround besides using the console?

[daftster]

PR #1577 opened for fixing this issue.

[moelasmar]

PR got merged

[mgrandis]

Released in 1.3.6 and CLI 1.24.0

[jfuss]

Re-opening. The original PR was reverted due to service impact when ReauthorizeEvery is an intrinsic function.