I have an .Net Core 3.1 web service running as a Lambda at AWS. The Lambda has is fronted by an API Gateway.
I left one of the routes unsecured for testing, /states. When I call /states without a bearer token I get the list of states. When I call it with a bearer token, I get a 502: Bad Gateway.
Another route requires a bearer token, /countries. When I call /countries with out a bearer token I get 401: Unauthorized. When I call /countries with a bearer token I get 502: Bad Gateway.
There doesn't seem to be anything in logs about what is happening.
Any Ideas? Thank you.
I got exactly the same symptoms and the reason behind them turned out to be Lambda function timeout.
Once
Authorization: Bearer ...is present in the request for the first time, the request to the .NET app took longer to process (probably due to some middleware initialization). That made the app exceed the default 3 second timeout, which makes API Gateway return 502 error status code.