Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IAM authorizer is discarded #780

Closed
emilburzo opened this issue Feb 29, 2024 · 2 comments
Closed

IAM authorizer is discarded #780

emilburzo opened this issue Feb 29, 2024 · 2 comments
Assignees
@jonife @mbfreder
Labels
bug good first issue

Comments

@emilburzo
Copy link

emilburzo commented Feb 29, 2024
edited
Loading

Serverless Java Container version: 2.0.0

Implementations: Spring Boot 3

Framework version: SpringBoot 3.2.0

Frontend service: Lambda function URL

Deployment method: CloudFormation with AWS::Serverless-2016-10-31 transform

Scenario

I'm trying to access the SigV4 authorizer information for a lambda which is using lambda function URLs.

Although the fields are available in the context object in StreamLambdaHandler.handleRequest, they get discarded and aren't available in the AwsHttpApiV2ProxyHttpServletRequest object.

Expected behavior

The requestContext.authorizer.iam.* fields are accessible / not discarded.

Actual behavior

requestContext.authorizer is null because anything besides jwt or lambda is ignored:

https://github.com/aws/serverless-java-container/blob/main/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/model/HttpApiV2AuthorizerMap.java#L79-L80

Redacted sample event

{
    "version": "2.0",
    "routeKey": "$default",
    "rawPath": "/healthcheck",
    "rawQueryString": "",
    "headers": {
        "x-amzn-tls-version": "TLSv1.2",
        "x-amz-date": "x",
        "x-forwarded-proto": "https",
        "x-forwarded-port": "443",
        "x-forwarded-for": "x",
        "x-amz-security-token": "x",
        "accept": "*/*",
        "x-amzn-tls-cipher-suite": "x",
        "x-amzn-trace-id": "x",
        "host": "x.lambda-url.eu-west-1.on.aws",
        "content-type": "application/json",
        "accept-encoding": "gzip, deflate, br",
        "user-agent": "x"
    },
    "requestContext": {
        "accountId": "1234",
        "apiId": "x",
        "authorizer": {
            "iam": {
                "accessKey": "x",
                "accountId": "1234",
                "callerId": "x",
                "cognitoIdentity": null,
                "principalOrgId": "x",
                "userArn": "arn:aws:sts::x:x",
                "userId": "x"
            }
        },
        "domainName": "x.lambda-url.eu-west-1.on.aws",
        "domainPrefix": "x",
        "http": {
            "method": "GET",
            "path": "/healthcheck",
            "protocol": "HTTP/1.1",
            "sourceIp": "x",
            "userAgent": "x"
        },
        "requestId": "x",
        "routeKey": "$default",
        "stage": "$default",
        "time": "28/Feb/2024:11:36:08 +0000",
        "timeEpoch": 1709120168045
    },
    "isBase64Encoded": false
}
@mbfreder
Copy link
Contributor

Hey, thanks for raising the issue. Let me reproduce the issue and get back to you.

@mbfreder mbfreder self-assigned this Mar 19, 2024
@jonife jonife mentioned this issue Mar 26, 2024
Merged
2 tasks
@deki
Copy link
Collaborator

deki commented Apr 8, 2024

Fix is now available as part of Release 2.0.1

@deki deki closed this as completed Apr 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jonife jonife

@mbfreder mbfreder

Labels
bug good first issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@deki @emilburzo @jonife @mbfreder