Validate authorizer context response to better mimic API Gateway (resubmit) #1376

Merged
merged 1 commit into from Apr 13, 2022


paulhbarker
Contributor

Description

When successfully returning a policy from an Authorizer function, if the returned policy contains a context object containing values that are not of type string, number, or boolean, it will cause the endpoint to return 500, with the header: x-amzn-ErrorType: AuthorizerConfigurationException. In addition, string, number, and boolean values returned in the authorizer context are all coerced to string values when supplied to the downstream method implementation lambda.

None of this behavior is currently accounted for in the serverless-offline authorizer handling logic. This change fixes that issue, and makes serverless-offline authorizers behave near exactly like those of ApiGateway.

Motivation and Context

This change helps prevent developers from returning invalid types of authorizer contexts that work in serverless-offline but do not work on AWS. This change also helps developers understand exactly what the event.requestContext.authorizer property will contain in the cloud.

fixes #826

How Has This Been Tested?

I began by experimenting with the authorizer context response in ApiGateway with a pair of lambdas, one authorizer, and one downstream method implementation. I confirmed the string coercion behavior as described in this developer guide. I used the current authorizer integration tests as a starting point and added four context validation tests, ensuring that each type of valid and invalid context mimicked the behavior of ApiGateway authorizers as closely as possible.
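
The validation and string coercion described in the pull request above, as an added JavaScript example (not code from this pull request or from serverless-offline). The function names and sample policies are hypothetical and constructed for illustration, and a missing context is assumed to be treated as empty.

```javascript
// Added illustration: names below are hypothetical, not serverless-offline's own.
const ALLOWED_TYPES = new Set(['string', 'number', 'boolean']);

// Returns the context keys whose values are not string, number, or boolean.
function invalidContextKeys(context) {
  return Object.entries(context)
    .filter(([, value]) => !ALLOWED_TYPES.has(typeof value))
    .map(([key]) => key);
}

// Mimics the behaviour described above: any non-primitive value yields a 500
// with the AuthorizerConfigurationException header; otherwise every value is
// coerced to a string before it reaches the downstream handler.
function resolveAuthorizerContext(policy) {
  const context = policy.context ?? {}; // assumption: missing context is empty
  const rejected = invalidContextKeys(context);
  if (rejected.length > 0) {
    return {
      ok: false,
      statusCode: 500,
      headers: { 'x-amzn-ErrorType': 'AuthorizerConfigurationException' },
      rejected,
    };
  }
  const coerced = Object.fromEntries(
    Object.entries(context).map(([key, value]) => [key, String(value)]),
  );
  return { ok: true, context: coerced };
}

// Constructed sample policies (not taken from the project's tests).
const validPolicy = {
  principalId: 'user-1',
  context: { tenant: 'acme', level: 3, admin: false },
};
const invalidPolicy = {
  principalId: 'user-1',
  context: { tenant: 'acme', roles: ['reader', 'writer'], profile: { id: 1 } },
};

console.log(resolveAuthorizerContext(validPolicy));
console.log(resolveAuthorizerContext(invalidPolicy));
```

In the valid case `admin: false` reaches the handler as the string `"false"`, which is truthy in JavaScript, so authorization checks on `event.requestContext.authorizer` should compare against the string value explicitly.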

Owner

@dherault dherault left a comment


Looks great, clean and everything. Shall I merge?

@paulhbarker
Contributor Author

Yessir! Thanks for the review.

@dherault dherault merged commit c97e2a6 into dherault:master Apr 13, 2022
@dherault
Owner

Published in v8.7.0


Successfully merging this pull request may close these issues.

[BUG] Context of the Policy returned by an Authorizer function must be a dictionary of strings