
Empty identity source support is broken #1638

Closed
frozenbonito opened this issue Jan 3, 2023 · 3 comments · Fixed by #1639
@frozenbonito (Contributor)

Bug Report

Current Behavior

When the identity source setting of an authorizer is empty, serverless-offline always returns 401 and logs the following message:

✖ Identity Source is null for header authorization (λ: authorizer)

Sample Code

  • file: serverless.yml
service: authorizer

plugins:
  - serverless-offline

provider:
  name: aws
  region: us-east-1
  runtime: nodejs18.x
  stage: dev

functions:
  hello:
    events:
      - http:
          authorizer:
            name: authorizer
            resultTtlInSeconds: 0
            identitySource: ""
            type: request
          method: get
          path: hello
    handler: handler.hello

  authorizer:
    handler: authorizer.authorizer
  • file: handler.js
const { stringify } = JSON;

export async function hello() {
  return {
    body: stringify({ message: "Hello" }),
    statusCode: 200,
  };
}
  • file: authorizer.js
export async function authorizer(event) {
  return {
    principalId: "user",
    policyDocument: {
      Statement: [
        {
          Action: "execute-api:Invoke",
          Effect: "Allow",
          Resource: event.methodArn,
        },
      ],
      Version: "2012-10-17",
    },
  };
}

Expected behavior/code

If the authorizer type is REQUEST and its caching is disabled, the identity source is not required.

For Authorization Caching, select or deselect the Enabled option, depending on whether you want to cache the authorization policy generated by the authorizer or not. When policy caching is enabled, you can choose to modify the TTL value from the default (300). Setting TTL=0 disables policy caching.
When caching is disabled, it is not necessary to specify an identity source.

https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html

IdentitySource
If you specify REQUEST for the Type property, this property is required when authorization caching is enabled.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html

Environment

  • serverless version: v3.26.0
  • serverless-offline version: v12.0.3
  • node.js version: v18.12.1
  • OS: Debian 11.1 (WSL2, Windows 11)

Possible Solution

If type is request and resultTtlInSeconds is 0, identity source checking should be skipped.

Additional context/Screenshots

It looks like this issue was introduced in #1610.
It works correctly with v11.3.0 and earlier.

@frozenbonito (Contributor, Author) commented Jan 3, 2023

Related issue:
The identity source falls back to method.request.header.Authorization, even if the authorizer type is request and its caching is disabled.
Serverless v3 does not do this.
https://www.serverless.com/framework/docs/deprecations#default-identitysource-for-httpauthorizer

identitySource:
  serverlessAuthorizerOptions?.identitySource ||
  'method.request.header.Authorization',
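The expected behaviour from the issue body (skip the identity source check for a REQUEST authorizer with caching disabled) and the fallback flagged in this comment, as an added JavaScript example that is not serverless-offline's own code. The config field names mirror serverless.yml (type, resultTtlInSeconds, identitySource); the function names and the sample request are assumptions constructed for the example.

```javascript
// Added example, not serverless-offline's own code: models the identity
// source rule quoted from the API Gateway docs and the fix the issue proposes.
// Config shape mirrors serverless.yml; `sampleRequest` below is constructed.

// TOKEN authorizers always need an identity source; REQUEST authorizers
// only while policy caching is enabled (resultTtlInSeconds > 0).
function identitySourceRequired({ type = "token", resultTtlInSeconds = 300 }) {
  if (String(type).toLowerCase() === "request") return resultTtlInSeconds > 0;
  return true;
}

// Parse "method.request.header.Authorization, method.request.querystring.t"
// into [{ location, name }]. An empty string yields [] rather than silently
// falling back to the Authorization header (the fallback this comment flags).
function parseIdentitySource(identitySource) {
  return (identitySource || "")
    .split(",")
    .map((s) => s.trim())
    .filter(Boolean)
    .map((s) => {
      const m = /^method\.request\.(header|querystring|path)\.(.+)$/.exec(s);
      if (!m) throw new Error(`Unsupported identity source: ${s}`);
      return { location: m[1], name: m[2] };
    });
}

// Returns 401 when the request must be rejected before the authorizer Lambda
// runs, null when it may proceed. With caching disabled the check is skipped
// entirely, which is what the issue expects (and what v11.3.0 did).
function checkIdentitySource(authorizer, request) {
  if (!identitySourceRequired(authorizer)) return null;
  const sources = parseIdentitySource(authorizer.identitySource);
  if (sources.length === 0) return 401; // required but not configured
  const headers = Object.fromEntries(
    Object.entries(request.headers || {}).map(([k, v]) => [k.toLowerCase(), v]),
  );
  const lookup = {
    header: (n) => headers[n.toLowerCase()], // HTTP header names are case-insensitive
    querystring: (n) => request.queryStringParameters?.[n],
    path: (n) => request.pathParameters?.[n],
  };
  // Every configured source must be present, or the request is rejected.
  return sources.every(({ location, name }) => lookup[location](name)) ? null : 401;
}

// Constructed sample: the issue's authorizer (REQUEST, TTL 0, empty source)
// and a request with no Authorization header. Expected: null (let it through).
const issueAuthorizer = { type: "request", resultTtlInSeconds: 0, identitySource: "" };
const sampleRequest = { headers: { Accept: "*/*" }, queryStringParameters: {} };
console.log(checkIdentitySource(issueAuthorizer, sampleRequest)); // null
```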

@arturenault

What's missing to get this merged?

@CaptainAchilles

Can this be merged? The PR looks fine.
