Development experience for app that uses API Gateway authorisation?

[christemple]

My question is mainly centred around the development experience of building a serverless app using the Serverless Framework and Next.JS 8 for AWS, but with API Gateway authorisation.

Assume I'm building a page to login and one that requires you to be logged in:

pages/login.js
pages/profile.js // requires log in

So when running Serverless with https://github.com/dherault/serverless-offline I can replicate API Gateway locally, including features such as having an authorizer allowing me to deny access to the profile page, and custom gateway responses to customise the UnAuthorised experience. No code necessary in the lambda.

serverless-offline will spin up a server in development that replicates my API Gateway configuration.

However...

If my authorisation logic is in API Gateway config for Serverless, and not within the Next.js app itself, then surely that means the developer experience running the Next.js server won't apply the any authorisation right?

Therefore what is the best developer experience setup to an app that has these requirements?

If Next.js only builds the lambdas at build time, how can I wire them up to the serverless server in development? Ideally I should be using the serverless server, and not Next.js's, in development because it'll have the authorisation and will be closer to what my production setup will be when deployed... right?

Any help on this would be appreciated as I'm really keen to start using Next.js 8 with serverless!

[danielcondemarin]

Hi @christemple, thanks for your detailed explanation.

You're absolutely right. At the moment there isn't a proper way to do local development and benefit from both serverless-offline capabilities, such as features like authorizers, custom page routes etc. and nextjs development server features, like HMR.

There are some related issues like #15 and #35. Unfortunately right now you'll have to rely on next dev server and serverless-offline separately, but I will be looking into how this could be put together nicely. Any ideas are also welcome.

[danielcondemarin]

Closing this, for local development use next dev. The plugin or component should be used only for deployment.