(aws-apigatewayv2-authorizers): HttpUserPoolAuthorizer constructor should take an array of user pool client ids #15431

Closed
dan-lind opened this issue Jul 6, 2021 · 3 comments · Fixed by #16903
Labels
@aws-cdk/aws-apigatewayv2-authorizers Related to aws-apigatewayv2-authorizers package effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md p2

Comments

dan-lind commented Jul 6, 2021

The current HttpUserPoolAuthorizer is created like this

const authorizer = new HttpUserPoolAuthorizer({
    userPool: userPool,
    userPoolClient: userPoolClient,
});

This will synthesize to

 "MyTestHttpProxyPrivateApiUserPoolAuthorizer":{
   "Type":"AWS::ApiGatewayV2::Authorizer",
   "Properties":{
      "ApiId":{
         "Ref":"MyTestHttpProxyPrivateApi"
      },
      "AuthorizerType":"JWT",
      "Name":"UserPoolAuthorizer",
      "IdentitySource":[
         "$request.header.Authorization"
      ],
      "JwtConfiguration":{
         "Audience":[
            "<user pool id>"
         ],
         "Issuer":"https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_XXXXXXXXX"
      }
   }
},

Where the provided user pool client id ends up in the Audience array.

Use Case

Currently it is possible to provide multiple user pool ids using a HttpJwtAuthorizer

const jwtAuthorizer = new HttpJwtAuthorizer({
    jwtAudience: ['XXXXXX', 'YYYYYY'],
    jwtIssuer: `https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_XXXXXXXXX`
})

For consistency and ease of use, HttpUserPoolAuthorizer should also allow users to pass an array of user pool clients, rather than a single one.

Proposed Solution

Allow users to pass an array of user pool clients like so

const authorizer = new HttpUserPoolAuthorizer({
    userPool: userPool,
    userPoolClient: [userPoolClient1, userPoolClient2, userPoolClient3]
});

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
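
Added example (not part of the original issue and not CDK code): a self-contained model of what a list of app clients means for the synthesized `JwtConfiguration`, and of the issuer and audience check a JWT authorizer applies to already-verified token claims. `buildJwtConfiguration`, `isAccepted` and the client IDs are hypothetical names and constructed values; signature and expiry validation are out of scope here.

```typescript
// Hypothetical helpers for illustration; not part of aws-cdk.
interface JwtConfiguration {
  Audience: string[];
  Issuer: string;
}

interface Claims {
  iss?: string;
  aud?: string;       // present in Cognito ID tokens
  client_id?: string; // present in Cognito access tokens
}

// One Audience entry per app client ID, all under the pool's issuer URL.
function buildJwtConfiguration(region: string, userPoolId: string, clientIds: string[]): JwtConfiguration {
  if (clientIds.length === 0) {
    throw new Error('at least one user pool client ID is required');
  }
  // Drop duplicates so the audience list states each trusted client once.
  const unique = clientIds.filter((id, i) => clientIds.indexOf(id) === i);
  return {
    Audience: unique,
    Issuer: `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`,
  };
}

// The issuer must match exactly. `aud` is evaluated when present;
// `client_id` is consulted only when `aud` is absent.
function isAccepted(claims: Claims, config: JwtConfiguration): boolean {
  if (claims.iss !== config.Issuer) return false;
  const presented = claims.aud !== undefined ? claims.aud : claims.client_id;
  if (presented === undefined) return false;
  return config.Audience.indexOf(presented) !== -1;
}

// Constructed sample: two trusted app clients, three tokens.
const config = buildJwtConfiguration('eu-west-1', 'eu-west-1_XXXXXXXXX', ['clientA', 'clientB']);
const iss = config.Issuer;
console.log([
  isAccepted({ iss, aud: 'clientA' }, config),       // ID token from client A
  isAccepted({ iss, client_id: 'clientB' }, config), // access token from client B
  isAccepted({ iss, client_id: 'clientC' }, config), // client not in Audience
]);
```

Every entry added to `Audience` is another app client whose tokens the API will accept, so the list should contain only clients that are meant to call this API.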

@dan-lind dan-lind added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jul 6, 2021
@github-actions github-actions bot added the @aws-cdk/aws-apigatewayv2-authorizers Related to aws-apigatewayv2-authorizers package label Jul 6, 2021

nija-at commented Jul 28, 2021

Thanks for submitting this feature request.

I'm marking this issue as a p2, which means we will not be working on this right away. We are accepting pull requests if you would like to contribute.

@nija-at nija-at added effort/small Small work item – less than a day of effort good first issue Related to contributions. See CONTRIBUTING.md p2 and removed needs-triage This issue or PR still needs to be triaged. labels Jul 28, 2021

ghost commented Aug 19, 2021

I am also facing this problem.
I can't target multiple app clients and I'm looking for a workaround.

@nija-at nija-at removed their assignment Aug 24, 2021
@mergify mergify bot closed this as completed in #16903 Nov 6, 2021
mergify bot pushed a commit that referenced this issue Nov 6, 2021
…lients per HttpUserPoolAuthorizer (#16903)

closes #15431

BREAKING CHANGE: `userPoolClient` property in `UserPoolAuthorizerProps`
is now renamed to `userPoolClients`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions bot commented Nov 6, 2021

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
