Feature Request: Add JWT Authorizer support to local start-api
Describe your idea/feature/enhancement
When creating a Function with the following Event:
Events:
  Post:
    Type: HttpApi
    Properties:
      Path: /username
      ApiId: !Ref MyApi
      Method: POST
      Auth:
        Authorizer: OAuth2Authorizer
If we deploy and invoke the Lambda on AWS, the event will contain all of the claims of the token, for example:
"requestContext": {
  "accountId": "123456789",
  "apiId": "asadsasd",
  "authorizer": {
    "jwt": {
      "claims": {
        "aud": "asdase123asdasdasd123123",
        "auth_time": "1618362653",
        "exp": "1618366253",
        "iat": "1618362653",
        "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_asdasdasd",
        "sub": "73a700f4-e656-4213-937a-177c4488421c",
        "token_use": "access"
      },
      "scopes": null
    }
  },
  "domainName": "some.domain.com",
  "domainPrefix": "some",
  "http": {
    "method": "POST",
    "path": "/username",
    "protocol": "HTTP/1.1",
    "sourceIp": "1.2.3.4",
    "userAgent": "Mozilla/5.0"
  },
  "requestId": "asdasdas123123=",
  "routeKey": "POST /username",
  "stage": "myStage"
}
So, if I need to get the sub value, it is under the path at requestContext.authorizer.jwt.claims.sub.
But locally, this is really hard to mock using sam local start-api.
Proposal
When using sam local start-api and a function has an Event with an authorizer, if the request contains the Authorization header with a token, decode the token and update the event to match how it works on AWS by setting all of the claims under the path requestContext.authorizer.jwt.claims.
Additional Details
Using SAM CLI 1.22.0
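A sketch of the behaviour proposed above, added here as an example and not code from the SAM CLI or from the issue author. The function names are hypothetical, and the token is only decoded: unlike the deployed JWT authorizer, nothing here validates the signature, issuer, audience or expiry, so the resulting claims are suitable for local emulation only.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def claims_from_authorization(headers: dict):
    """Return the token payload as a dict, or None if absent or malformed.

    Local emulation only: the signature, issuer, audience and expiry are
    NOT checked here.
    """
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = value.partition(" ")
    parts = token.strip().split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        return None
    try:
        payload = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return payload if isinstance(payload, dict) else None


def inject_jwt_context(event: dict, headers: dict) -> dict:
    """Set requestContext.authorizer.jwt to mirror the deployed event shape."""
    claims = claims_from_authorization(headers)
    if claims is None:
        return event  # assumption: leave the event untouched without a token
    # The deployed event above carries numeric claims as strings; rendering
    # other non-string values with json.dumps is an assumption of this sketch.
    as_strings = {k: v if isinstance(v, str) else json.dumps(v) for k, v in claims.items()}
    ctx = event.setdefault("requestContext", {}).setdefault("authorizer", {})
    ctx["jwt"] = {"claims": as_strings, "scopes": None}
    return event


def make_sample_token(claims: dict) -> str:
    """Constructed sample input: an unsigned token with a dummy signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"
```

Because any well-formed token is accepted, a handler tested this way still needs the deployed authorizer to reject forged or expired tokens.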
Thanks for the feature request! We have a roadmap here, but we also try to take in popular feature requests based on 👍🏽 from the community. We will be adding this to our intake for prioritization.