Skip to content

Commit

Permalink
fix(apigatewayv2-authorizers): incorrect identitySource default for…
Browse files Browse the repository at this point in the history
… `WebSocketLambdaAuthorizer` (#18315)

We introduced `WebSocketLambdaAuthorizer` in #16886 with an incorrect default `identitySource`, according to these [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-authorizer.html#cfn-apigatewayv2-authorizer-identitysource). The result is that using the default `identitySource` results in a deploy-time failure.

This PR fixes the error and adds documentation for the syntax for all `identitySource` possibilities.

I can confirm that this default successfully passes `cdk deploy` on my local app.

Fixes #18307. 

BREAKING CHANGE: `WebSocketLambdaAuthorizerProps.identitySource` default changes from `['$request.header.Authorization']` to `['route.request.header.Authorization']`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
kaizencc authored Jan 7, 2022
1 parent 5ddaef4 commit 74eee1e
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,11 @@ export interface WebSocketLambdaAuthorizerProps {
/**
* The identity source for which authorization is requested.
*
* @default ['$request.header.Authorization']
* Request parameter match `'route.request.querystring|header.[a-zA-z0-9._-]+'`.
* Staged variable match `'stageVariables.[a-zA-Z0-9._-]+'`.
* Context parameter match `'context.[a-zA-Z0-9._-]+'`.
*
* @default ['route.request.header.Authorization']
*/
readonly identitySource?: string[];
}
Expand Down Expand Up @@ -56,7 +60,7 @@ export class WebSocketLambdaAuthorizer implements IWebSocketRouteAuthorizer {
this.authorizer = new WebSocketAuthorizer(options.scope, this.id, {
webSocketApi: options.route.webSocketApi,
identitySource: this.props.identitySource ?? [
'$request.header.Authorization',
'route.request.header.Authorization',
],
type: WebSocketAuthorizerType.LAMBDA,
authorizerName: this.props.authorizerName ?? this.id,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ describe('WebSocketLambdaAuthorizer', () => {
Name: 'default-authorizer',
AuthorizerType: 'REQUEST',
IdentitySource: [
'$request.header.Authorization',
'route.request.header.Authorization',
],
});

Expand Down

0 comments on commit 74eee1e

Please sign in to comment.