1 回答
- 最新
- 投票最多
- 评论最多
1
Hi James, thanks for asking this question on re:Post!
You can use Parameter mapping feature of the HTTP API integration to add claims from the context of your JWT authorizer as custom headers of the request forwarded to the server. Please see the screenshot below.
The claim path example $context.authorizer.jwt.claims.emailID can be found in our documentation. Please let us know if this solution worked for you!
已回答 9 个月前
Thanks Piotrek, that's great! Just one issue I've found one of the claims I want to forward is
cognito:username. The colon seems to be causing problems in the parameter mapping, with an errorInvalid mapping expression specified: Validation Result: warnings : [], errors : [Invalid mapping expression specified: $context.authorizer.claims.cognito:username]
I've tried various ways around it but nothing is working, any suggestions?
Many thanks
Unfortunately
cognito:usernameandcognito:groupsare the two claims I'm most interested in. I'll have to stick to decoding the token on the server for now. Thanks for your help!Sure! For the additional issue you mentioned, it seems that the properties/paths containing a colon are not supported the moment. I was able to find a similar known issue for ALB integration deployed with CDK, and made sure to provide more context that will help us to prioritise this issue. Are you able to use any other claims (without colons) to satisfy your use case? Alternatively, like you noted, it should be possible to decode the token again on the server side.