How do you have two entry points, one for JWT and one for non-JWT authorized WSGI handlers?

[tibbe]

The Serverless Framework supports JWT authorizers for the API Gateway HTTP API: https://www.serverless.com/framework/docs/providers/aws/events/http-api#jwt-authorizers. Example:

1. Configure authorizers on provider.httpApi.authorizers:

provider:
  httpApi:
    authorizers:
      someJwtAuthorizer:
        type: jwt
        identitySource: $request.header.Authorization
        issuerUrl: https://cognito-idp.${region}.amazonaws.com/${cognitoPoolId}
        audience:
          - ${client1Id}
          - ${client2Id}

2. Configure endpoints which are expected to have restricted access:

functions:
  someFunction:
    handler: index.handler
    events:
      - httpApi:
          method: POST
          path: /some-post
          authorizer:
            name: someJwtAuthorizer
            scopes: # Optional
              - user.id
              - user.email

It would be nice if you could somehow have one WSGI handler (e.g. for Flask) that handles the authorized ones and one that handles the unauthorized ones. Currently that doesn't seem possible because of the requirement to have this:

custom:
  wsgi:
    app: api.app

To me this looks like only one entry point is allowed.

Is there a way currently to achieve what I want? Could I e.g. split the entry points to have /authorized_api/* and /unauthorized_api/* and still use WSGI and API Gateway JWT authorization checking?