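def authorize():
    """Validate the token in the request body and return its claims.

    Reads ``token`` (required) and ``app_client_id`` (optional) from the
    JSON body of ``app.current_request`` and hands them to ``get_claims``
    with audience verification requested.

    Returns:
        The claims returned by ``get_claims`` when they are truthy.

    Raises:
        BadRequestError: If the body is not a JSON object, has no ``token``
            key, or ``get_claims`` returns a falsy result.
    """
    body = app.current_request.json_body
    # Reject a missing or non-object body explicitly so it is reported as a
    # client error rather than an unhandled TypeError/KeyError.
    if not isinstance(body, dict) or "token" not in body:
        raise BadRequestError("Bad request, token not provided.")
    token = body["token"]
    app_client_id = body.get("app_client_id", "")

    # NOTE(review): the expected audience comes from the request body, i.e.
    # from the same party that presents the token. The audience check only
    # constrains the token if get_claims limits app_client_id to a known set
    # of client ids -- confirm in get_claims (not visible here).
    if app_client_id:
        claims = get_claims(token, verify_audience=True, app_client_id=app_client_id)
    else:
        claims = get_claims(token, verify_audience=True)

    if not claims:
        # claims is falsy here, so the interpolation exposes no token data.
        raise BadRequestError(f"Bad request, token not valid. {claims}")
    return claims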
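def iamAuthorizer(auth_request):
    """Map the request token to a user id and authorize every route.

    ``get_claims(auth_request.token)`` is expected to return a dict of
    token claims; the sample payload recorded for this function has the keys
    ``sub``, ``email_verified``, ``iss``, ``cognito:username``, ``aud``,
    ``event_id``, ``token_use``, ``custom:center``, ``auth_time``, ``name``,
    ``exp``, ``iat`` and ``email``. Only ``sub`` is used here.

    The user id placed in the response context is chosen as follows:

    * truthy claims: ``"cm:cognitoUserPool:" + claims["sub"]``
    * no claims, ``app.test_user_id`` set: ``app.test_user_id``
    * otherwise: ``"cm:cognitoUserPool:anonymousUser"``

    Args:
        auth_request: Authorizer request; only its ``token`` attribute is read.

    Returns:
        An ``AuthResponse`` with ``routes=["*"]``, ``principal_id="user"``
        and ``context={"id": <user id>}``.

    Raises:
        KeyError: If the claims are truthy but carry no ``sub`` entry.
    """
    # NOTE(review): authorize() asks get_claims for verify_audience=True but
    # this call does not. Whether the audience is checked by default is not
    # visible here -- confirm, since this function gates every route.
    claims = get_claims(auth_request.token)

    if claims:
        # Build the id without mutating the dict get_claims handed back.
        user_id = "cm:cognitoUserPool:" + claims["sub"]
    elif app.test_user_id:
        # NOTE(review): with test_user_id set, any request whose token yields
        # no claims is treated as that user. Presumably a test-only hook;
        # verify it cannot be set in a deployed environment.
        user_id = app.test_user_id
    else:
        # NOTE(review): a request whose token yields no claims is not denied;
        # it proceeds as the anonymous user. Access control therefore rests
        # on the handlers checking context["id"] -- confirm they do.
        user_id = "cm:cognitoUserPool:anonymousUser"

    # Looking up / creating a User document for this id used to happen here
    # and is currently disabled.
    return AuthResponse(routes=["*"], principal_id="user", context={"id": user_id})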