Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Unity CS Lambda Authorizer of API Gateway fails to handle Cognito access tokens without cognito-groups section #524

Open
ramesh-maddegoda opened this issue Feb 26, 2025 · 2 comments
Open

[Bug]: Unity CS Lambda Authorizer of API Gateway fails to handle Cognito access tokens without cognito-groups section #524

ramesh-maddegoda opened this issue Feb 26, 2025 · 2 comments
Assignees
@ramesh-maddegoda
Labels
bug Something isn't working

Comments

@ramesh-maddegoda
Copy link
Contributor

ramesh-maddegoda commented Feb 26, 2025
edited
Loading

Checked for duplicates

  • Ex. Yes - I've already checked

Describe the bug

The Unity CS Lambda Authorizer of API Gateway (https://github.com/unity-sds/unity-cs-auth-lambda) was initially developed as a technical demonstration to show how to develop a lambda authorizer. To make it easy to understand, a minimum number of code lines were used without too many checks and exemption handling. The idea was to introduce this to service area teams and encourage them to write their own authorizers with project specific validations and rules.

However, currently all the teams are using the common Unity CS Lambda Authorizer (https://github.com/unity-sds/unity-cs-auth-lambda) for their projects and it needs some improvements.

When a user does not have any Cognito user groups associated with, the Unity CS Lambda Authorizer of API Gateway fails to handle Cognito access tokens without cognito-groups section,

What did you expect?

I expected the Unity CS Lambda Authorizer to check for the availability of cognito-groups section in the Cognito access token and if that section is not available, log an error message and/or return a error message with the response telling user does not have any Cognito user groups associated with the user account.

Reproducible steps

  1. Create a Cognito user
  2. Do not assign any Cognito user groups to the user
  3. Make a call to any API Gateway endpoint that uses the Unity CS Lambda Authorizer
@ramesh-maddegoda ramesh-maddegoda added the bug Something isn't working label Feb 26, 2025
@ramesh-maddegoda ramesh-maddegoda self-assigned this Feb 26, 2025
ramesh-maddegoda added a commit to unity-sds/unity-cs-auth-lambda that referenced this issue Mar 4, 2025
@ramesh-maddegoda
Fix for the bug Unity CS Lambda Authorizer of API Gateway fails to ha…
505fa89 
…ndle Cognito access tokens without cognito-groups sectio

Fix for the bug Unity CS Lambda Authorizer of API Gateway fails to handle Cognito access tokens without cognito-groups section unity-sds/unity-cs#524
This was referenced Mar 4, 2025
Merged
Merged
@ramesh-maddegoda
Copy link
Contributor Author

Made code changes in the following repositories.

Changes were tested successfully.

@ramesh-maddegoda
Copy link
Contributor Author

Test data:

With user groups:

Image

Without user groups:

Image

Cloud watch logs without user groups:

Image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ramesh-maddegoda ramesh-maddegoda

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ramesh-maddegoda