Description
Checked for duplicates
- Ex. Yes - I've already checked
Describe the bug
The Unity CS Lambda Authorizer of API Gateway (https://github.com/unity-sds/unity-cs-auth-lambda) was initially developed as a technical demonstration to show how to develop a lambda authorizer. To make it easy to understand, a minimum number of code lines were used without too many checks and exception handling. The idea was to introduce this to service area teams and encourage them to write their own authorizers with project-specific validations and rules.
However, currently all the teams are using the common Unity CS Lambda Authorizer (https://github.com/unity-sds/unity-cs-auth-lambda) for their projects and it needs some improvements.
When a user does not have any associated Cognito user groups, the Unity CS Lambda Authorizer of API Gateway fails to handle Cognito access tokens without the cognito-groups section.
What did you expect?
I expected the Unity CS Lambda Authorizer to check for the availability of the cognito-groups section in the Cognito access token and, if that section is not available, log an error message and/or return an error message with the response stating that the user does not have any Cognito user groups associated with the user account.
Reproducible steps
- Create a Cognito user
- Do not assign any Cognito user groups to the user
- Make a call to any API Gateway endpoint that uses the Unity CS Lambda Authorizer
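
One way to implement the expected check, as an added example that is not code from unity-cs-auth-lambda: it treats a missing or malformed `cognito:groups` claim as an explicit deny with a logged reason instead of letting the handler throw. It assumes the access token signature and expiry were already verified and the payload decoded; the function names, the allowed-group list and the sample ARN are hypothetical.

```javascript
// Added example (not the project's code). Input: claims of an already-verified token.
const GROUPS_CLAIM = "cognito:groups"; // Cognito omits this claim when the user is in no groups

function extractGroups(claims) {
  if (!claims || typeof claims !== "object") {
    return { ok: false, reason: "Access token payload is missing or malformed." };
  }
  if (!Object.prototype.hasOwnProperty.call(claims, GROUPS_CLAIM)) {
    return { ok: false, reason: "User does not have any Cognito user groups associated with the user account." };
  }
  const groups = claims[GROUPS_CLAIM];
  const valid = Array.isArray(groups) && groups.length > 0 &&
    groups.every((g) => typeof g === "string" && g.length > 0);
  if (!valid) {
    return { ok: false, reason: "The cognito:groups claim is not a non-empty list of group names." };
  }
  return { ok: true, groups };
}

// Lambda authorizer response; context values must be strings, numbers or booleans.
function buildPolicy(principalId, effect, resource, context) {
  return {
    principalId,
    policyDocument: {
      Version: "2012-10-17",
      Statement: [{ Action: "execute-api:Invoke", Effect: effect, Resource: resource }],
    },
    context,
  };
}

function authorize(claims, methodArn, allowedGroups) {
  const principalId = claims && typeof claims.sub === "string" ? claims.sub : "unknown";
  const result = extractGroups(claims);
  if (!result.ok) {
    console.error(`authorizer deny for ${principalId}: ${result.reason}`);
    return buildPolicy(principalId, "Deny", methodArn, { message: result.reason });
  }
  const matched = result.groups.filter((g) => allowedGroups.includes(g));
  if (matched.length === 0) {
    const reason = "User is not a member of any group allowed for this API.";
    console.error(`authorizer deny for ${principalId}: ${reason}`);
    return buildPolicy(principalId, "Deny", methodArn, { message: reason });
  }
  return buildPolicy(principalId, "Allow", methodArn, { groups: matched.join(",") });
}

// Constructed sample inputs (hypothetical ARN and group names).
const SAMPLE_ARN = "arn:aws:execute-api:us-west-2:123456789012:abc123/dev/GET/items";
const ALLOWED_GROUPS = ["Unity_Viewer", "Unity_Admin"];
```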