(aws-apigatewayv2-authorizers): HttpUserPoolAuthorizer constructor should take an array of user pool client ids #15431
Closed
Description
The current HttpUserPoolAuthorizer is created like this:
```ts
const authorizer = new HttpUserPoolAuthorizer({
  userPool: userPool,
  userPoolClient: userPoolClient,
});
```
This will synthesize to
```json
"MyTestHttpProxyPrivateApiUserPoolAuthorizer": {
  "Type": "AWS::ApiGatewayV2::Authorizer",
  "Properties": {
    "ApiId": {
      "Ref": "MyTestHttpProxyPrivateApi"
    },
    "AuthorizerType": "JWT",
    "Name": "UserPoolAuthorizer",
    "IdentitySource": [
      "$request.header.Authorization"
    ],
    "JwtConfiguration": {
      "Audience": [
        "<user pool id>"
      ],
      "Issuer": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_XXXXXXXXX"
    }
  }
},
```
where the provided user pool client id ends up in the Audience array.
Use Case
Currently it is possible to provide multiple user pool ids using a HttpJwtAuthorizer:
```ts
const jwtAuthorizer = new HttpJwtAuthorizer({
  jwtAudience: ['XXXXXX', 'YYYYYY'],
  jwtIssuer: `https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_XXXXXXXXX`
})
```
For consistency and ease of use, HttpUserPoolAuthorizer should also allow users to pass an array of user pool clients, rather than a single one.
Proposed Solution
Allow users to pass an array of user pool clients like so:
```ts
const authorizer = new HttpUserPoolAuthorizer({
  userPool: userPool,
  userPoolClient: [userPoolClient1, userPoolClient2, userPoolClient3]
});
```
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request
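
What a multi-client `Audience` array means at request time, as an added example that is not from the issue author or from aws-cdk-lib: it builds the `JwtConfiguration` shown above for several client ids and applies the issuer and audience part of the JWT authorizer check. The function and type names are hypothetical, the client ids are the page's placeholders, and signature, expiry and scope checks are left out.

```typescript
// Added illustration, not aws-cdk-lib code. All names below are hypothetical.
interface JwtConfiguration { Audience: string[]; Issuer: string; }
// Cognito ID tokens carry `aud`; Cognito access tokens carry `client_id` instead.
interface Claims { iss?: string; aud?: string; client_id?: string; }

// The JwtConfiguration the proposed array form would synthesize to.
function jwtConfigForUserPool(region: string, userPoolId: string,
                              clientIds: string[]): JwtConfiguration {
  if (clientIds.length === 0) {
    // An empty audience list would leave no client able to pass the check.
    throw new Error("at least one user pool client id is required");
  }
  return {
    // De-duplicate while keeping order: each entry is one more accepted client.
    Audience: clientIds.filter((id, i) => clientIds.indexOf(id) === i),
    Issuer: `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`,
  };
}

// Issuer and audience part of the check only (no signature, exp, nbf or scopes).
function audienceAccepted(cfg: JwtConfiguration, claims: Claims): boolean {
  if (claims.iss !== cfg.Issuer) return false;
  // `aud` is evaluated when present; `client_id` is used only if `aud` is absent.
  const presented = claims.aud !== undefined ? claims.aud : claims.client_id;
  return presented !== undefined && cfg.Audience.indexOf(presented) !== -1;
}

// Constructed sample input using the placeholder values from this issue.
const sampleConfig = jwtConfigForUserPool(
  "eu-west-1", "eu-west-1_XXXXXXXXX", ["XXXXXX", "YYYYYY", "XXXXXX"]);
const sampleTokens: Array<[string, Claims]> = [
  ["id token, client 2", { iss: sampleConfig.Issuer, aud: "YYYYYY" }],
  ["access token, client 1", { iss: sampleConfig.Issuer, client_id: "XXXXXX" }],
  ["unlisted client, same pool", { iss: sampleConfig.Issuer, aud: "ZZZZZZ" }],
];
for (const [label, claims] of sampleTokens) {
  console.log(label, "=>", audienceAccepted(sampleConfig, claims) ? "allow" : "deny");
}
```

Every client id in the array is another app client whose tokens the route accepts, so the list should contain only the clients that are meant to call this API.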