New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
api-gateway: access custom cognito claim in parameterMapping of HttpAlbIntegration #22010
Comments
Any updates on this one? I have the same issue when adding custom cognito attributes in parameter mapping for API GW integration via UI portal |
Also have this problem with both the UI portal and openapi integration |
For ID token, I was able to solve this issue with the help of pre-token-generation lambda trigger where I added additional claim without that stupid export const handler: PreTokenGenerationTriggerHandler = async (event) => {
const tenantId = event.request.userAttributes['custom:tenantid'];
event.response = {
claimsOverrideDetails: {
claimsToAddOrOverride: {
tenantid: tenantId
}
},
};
return event;
}; and then const parameterMapping = new ParameterMapping();
parameterMapping.appendHeader('tenantid', MappingValue.contextVariable("authorizer.claims.tenantid")); |
Thanks for the workaround. It seems like for now, only two special characters are supported: . (dot) and _ (underscore). Hopefully the service team implements support for : (colons) soon. |
also interested |
Describe the bug
When declaring a HttpAlbIntegration with parameterMapping for a regular cognito claim, say email or sub, everything works fine. But when defining a parameterMapping for a custom attribute, where the sintaxt implies using the prefix
custom:
, it complains about being an invalid expression.I've tried according the RestApi documentation (https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html) but no luck:
"$context.authorizer.claims['custom:my_attr']"
Expected Behavior
The custom attribute should be accessible like any other.
Current Behavior
cdk returns a BadRequest:
Reproduction Steps
Create a HttpAlbIntegration for the api gateway:
cdk will complain about the
authorizer.claims.custom:my_attr
because of the:
.Possible Solution
Some alternative sintax for these cases, for instance:
authorizer.claims.[custom:my_attr]
so
custom:my_attr
would be treated as a block.Additional Information/Context
No response
CDK CLI Version
2.41.0 (build 6ad48a3)
Framework Version
No response
Node.js Version
v16.14.2
OS
macOS Monterey 12.5.1
Language
Typescript
Language Version
3.9.7
Other information
No response
The text was updated successfully, but these errors were encountered: