Muhammad Ali
10/15/2021, 6:52 PM
preTokenGeneration trigger

Ashishkumar Pandey
10/15/2021, 6:56 PM
jsonwebtoken package. You can skip verifying the token and just use plain decode as all authentication-only lambdas will be only triggered by the API Gateway post token verification.

Michael Clifford
10/15/2021, 6:57 PM

Ashishkumar Pandey
10/15/2021, 6:57 PM

Ashishkumar Pandey
10/15/2021, 6:59 PM

Muhammad Ali
10/15/2021, 7:30 PM
lambdaX which is accessible by mywebsite/path_to/lambdaX rest api which requires authentication. The authentication is done by cognito and as part of authentication, I am injecting custom attributes via preTokenGeneration. Once done, lambdaX gets triggered and as per sst document, the only parameter it has is event. I don't see any customAttributes. I see there is an object event.requestContext.authorizer {iam:[object]} but not sure if this is the one to get those attributes from.

Ashishkumar Pandey
10/15/2021, 7:31 PM
authorizationType?

Muhammad Ali
10/15/2021, 7:33 PM
defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM,

Ashishkumar Pandey
10/15/2021, 7:35 PM

Ashishkumar Pandey
10/15/2021, 7:37 PM
event.requestContext.authorizer.claims. All your claims including custom claims will be included here.

Muhammad Ali
10/15/2021, 7:42 PM
AWS_IAM auth. here is what event looks like
{
  version: '2.0',
  routeKey: 'GET /lambdaX',
  rawPath: '/lambdaX',
  rawQueryString: '',
  headers: {
    accept: 'application/json',
    authorization: 'AWS4-HMAC-SHA256 Credential=xxxxxxxxxxxxxxxx/20211015/us-east-1/execute-api/aws4_request, SignedHeaders=accept;host;x-amz-date, Signature=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
    'content-length': '0',
    'content-type': 'application/json',
    host: 'apihost.execute-api.us-east-1.amazonaws.com',
    'user-agent': 'axios/0.18.1',
    'x-amz-date': '20211015T193105Z',
    'x-amz-security-token': 'xxxxxxxxxxxxxxxx//////////xxxxxxxxxxxxxxxxxxx/xxxxx+xxxxxxxxxxxxx+xxx/xxxx/xxxxx+xxxx+xx+xxxx/xxx+xxxxx+xxxxxx/xxx/xxxx/xxxx/xxxx/xxxxxx+xxxxx/xxxx+xxxx+xxxxxx+xxxxx+xxxxx/xx/xx/xxxxxxx/xxxx/xxxxx+xxxxxx/xxxxx/xxxxx/xxxxx+xxxxxx+xxxxxxx/xxxxxx/xxxxxx+xxxxxxxx+xxxxxxx+xxxxxxx',
    'x-amzn-trace-id': 'Root=1-xxxx-xxxxxxx',
    'x-forwarded-for': 'xx.xxx.x.xxx',
    'x-forwarded-port': '443',
    'x-forwarded-proto': 'https'
  },
  requestContext: {
    accountId: 'xxxxxxx',
    apiId: 'apihost',
    authorizer: { iam: [Object] },
    domainName: 'apihost.execute-api.us-east-1.amazonaws.com',
    domainPrefix: 'apihost',
    http: {
      method: 'GET',
      path: '/lambdaX',
      protocol: 'HTTP/1.1',
      sourceIp: 'xx.xxx.x.xxx',
      userAgent: 'axios/0.18.1'
    },
    requestId: 'xxxxx=',
    routeKey: 'GET /lambdaX',
    stage: '$default',
    time: '15/Oct/2021:19:31:05 +0000',
    timeEpoch: 1634326265776
  },
  isBase64Encoded: false
}

Muhammad Ali
10/15/2021, 7:43 PM
event.requestContext.authorizer only has iam object. which doesn't have any relevant information.

Ashishkumar Pandey
10/15/2021, 8:18 PM
event.requestContext.authorizer.iam.cognitoIdentity.identityId?

Muhammad Ali
10/16/2021, 3:18 AM
event.requestContext.authorizer["iam"]
{
  accessKey: 'XXXXXXXXX',
  accountId: 'XXXXXXXX',
  callerId: 'XXXXXXXXXXXX:CognitoIdentityCredentials',
  cognitoIdentity: {
    amr: [
      'authenticated',
      'cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxxxx',
      'cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxxxx:CognitoSignIn:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx'
    ],
    identityId: 'us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx',
    identityPoolId: 'us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx'
  },
  principalOrgId: null,
  userArn: 'arn:aws:sts::xxxxxxxxxxxx:assumed-role/dev-rest-api-my-stack-AuthIdentityPoolAuthRoleD14D-xxxxxxxx/CognitoIdentityCredentials',
  userId: 'XXXXXXXXXXXX:CognitoIdentityCredentials'
}