requestContext & Cognito Authorization

dave · August 22, 2019, 8:34pm

I am building an application that requires me to know which user sent the API request. The requesting user determines which data that is sent back in the response.

I am using Cognito to authenticate users, as well as for API authorization. When a user sends a request to API Gateway using Cognito Authorization, the user’s Cognito Sub ID is included within event.requestContext. So, if I want the Cognito ID of the user I look at event.requestContext.authorizer.claims.sub.

Is there is a way to mimic this within the requestContext so that I can test locally, without having to deploy to AWS?

Thanks - love the framework so far.

tung · August 22, 2019, 9:07pm

RE: Thanks - love the framework so far.

Thanks for the kind words.

RE: Is there is a way to mimic this within the requestContext so that I can test locally, without having to deploy to AWS?

Believe there is no way to do this yet. This is interesting and something that would like Jets to account for though. Would consider PRs for this.

The local API mimic happens here:

github.com

tongueroo/jets/blob/master/lib/jets/controller/middleware/local/api_gateway.rb#L21


  resource = @route.path(:api_gateway) # posts/{id}/edit
  path = @env['PATH_INFO'].sub('/','') # remove beginning slash
  {
    "resource" => "/#{resource}", # "/posts/{id}/edit"
    "path" => @env['PATH_INFO'],  # /posts/tung/edit
    "httpMethod" => @env['REQUEST_METHOD'], # GET
    "headers" => request_headers,
    "queryStringParameters" => query_string_parameters,
    "pathParameters" => @route.extract_parameters(path),
    "stageVariables" => nil,
    "requestContext" => {},
    "body" => get_body,
    "isBase64Encoded" => false,
  }
end
memoize :event


# Annoying. The headers part of the AWS Lambda proxy structure
# does not consisently use the same casing scheme for the header keys.
# Sometimes it looks like this:
#   Accept-Encoding

Wondering if Jets should abuse the body or query string and pass it in there to mimic a dynamic requestContext. Unsure on the approach right now

RE: I am using Cognito to authenticate users, as well as for API authorization

Glad to hear folks are using Cognito. Would like to dig into Cognito more and come up with a gem/plugin. Hoping to make it turnkey.

Unsure when though. Hopefully, someone from the community comes up with something also. No sweat either way.