Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to invoke lambda when "Authorization scopes" added to JWT Authorizer #408

Open
rockey5520 opened this issue Apr 26, 2021 · 2 comments
Open

Unable to invoke lambda when "Authorization scopes" added to JWT Authorizer #408

rockey5520 opened this issue Apr 26, 2021 · 2 comments
Labels
need feedback

Comments

@rockey5520
Copy link

Serverless Java Container version: eg. 1.5.2

Implementations: Spring Boot 2

Framework version: eg SpringBoot 2.4.1

Frontend service: HTTP API

Deployment method: SAM

Scenario

Describe what you are trying to accomplish
I am trying to call invoke lambda via HTTP api with JWT authorizer. call to lambda are failing when i add "Authorization scopes" in the JWT authorizer(on HTTP api)

Expected behavior

I would expect lambda should be able to be invoke with or without Authorization scopes in JWT authorizer

Actual behavior

I am trying to call invoke lambda via HTTP api with JWT authorizer. call to lambda are failing when i add "Authorization scopes" in the JWT authorizer(on HTTP api) with error message

com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token at [Source: (ByteArrayInputStream); line: 1, column: 3530] (through reference chain: com.amazonaws.serverless.proxy.model.AwsProxyRequest["requestContext"]->com.amazonaws.serverless.proxy.model.AwsProxyRequestContext["authorizer"]->com.amazonaws.serverless.proxy.model.ApiGatewayAuthorizerContext["scopes"])

but without "Authorization scopes" in the JWT authorizer(on HTTP api) calls were going fine as long JWT is valid

Steps to reproduce

Create a springboot 2 based AWS lambda with HTTP api and Authorization scope with scopes specified in it.

InputStream of call when Authorization scope is added contains a section with Scopes array but same is null when Authorization scope is not defined in JWT Authorizer in HTTP API

        "scopes": [
            "b",
            "a",
            "z",
            "y",
            "x"
        ]

InputStream of call when Authorization scope is not added

"scopes": null

Full log output

Paste the full log output from the Lambda function's CloudWatch logs

logs
@deki
Copy link
Collaborator

deki commented Sep 1, 2021

Hi @rockey5520,
sorry for the late response. Would you be willing to contribute a PR to address this issue?
The source is located here: https://github.com/awslabs/aws-serverless-java-container/blob/master/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/model/ApiGatewayAuthorizerContext.java

@deki
Copy link
Collaborator

deki commented Jan 3, 2022
edited

Hi @rockey5520,
we plan to release a 1.7 version soon and I'd like to include a fix for that. However looking at https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-lambda.html scopes are part of jwt and we have the corresponding property in: https://github.com/awslabs/aws-serverless-java-container/blob/45169fb4f8e6329f658e060acd5246c95dd1c5ff/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/model/HttpApiV2JwtAuthorizer.java#L20
So I wonder how to reproduce your issue. Are you using 2.0 payload?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
need feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@deki @rockey5520 @valerena