APIGatewayProxyEventV2 authorizer Payload format does not have a nested jwt

[abbaspour]

Documentation for API Gateway V2 request mentions that in the case of native JWT authorizer, claims are inside jwt object under event.requestContext.authorizer

However, what I see in practice is that authorizer information comes in as flat without jwt object.

Here is my authorizer:

resource "aws_apigatewayv2_authorizer" "auth0authorizer" {
  name             = "auth0authorizer"
  api_id           = aws_apigatewayv2_api.api.id
  authorizer_type  = "JWT"
  identity_sources = ["$request.header.Authorization"]

  jwt_configuration {
    audience = [var.api_audience]
    issuer   = "https://${var.auth0_domain}/"
  }
}

And here is the request object

{
  "requestContext": {
    "accountId": "377258293252",
    "apiId": "9kc4yptsm5",
    "authorizer": {
      "claims": {
        "aud": "some.api",
        "azp": "FT6TMjfHI2lkxjpAbG5tCjEdiEkyvMCA",
        "exp": "1612061676",
        "gty": "password",
        "iat": "1612053076",
        "iss": "https://tenant.auth0.com/",
        "scope": "get:data read:policies create:policy",
        "sub": "auth0|5fe435b5cbbc85006b071eba"
      },
      "scopes": null
    }
}

[mcdwil]

Thanks for getting in touch. It looks like your integration might be using the 1.0 payload version. I just tested, and using a Lambda integration with the 2.0 payload version, I got the jwt object as documented.

I'd recommend verifying the payload format of your integration, and posting on the API Gateway forum or contacting AWS Support if you have further questions or concerns.

[dade-ca]

import { APIGatewayProxyHandlerV2WithJWTAuthorizer} from "aws-lambda";

export const main: APIGatewayProxyHandlerV2WithJWTAuthorizer = async (event) => {}