From e020d855e44584ef8a57c4ec890f2ae5b7e10ea7 Mon Sep 17 00:00:00 2001
From: Bret Ambrose
Date: Tue, 7 Nov 2023 15:06:20 -0800
Subject: [PATCH 1/3] Update custom auth sample and readme to fully support signed authorizes
---
 samples/mqtt/custom_authorizer_connect/README.md | 9 +++++++--
 samples/mqtt/custom_authorizer_connect/main.cpp | 4 +++-
 samples/utils/CommandLineUtils.cpp | 14 +++++++++++++-
 samples/utils/CommandLineUtils.h | 2 ++
 4 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/samples/mqtt/custom_authorizer_connect/README.md b/samples/mqtt/custom_authorizer_connect/README.md
index 35ba6c750..3a5a24e0e 100644
--- a/samples/mqtt/custom_authorizer_connect/README.md
+++ b/samples/mqtt/custom_authorizer_connect/README.md
@@ -35,6 +35,13 @@ Note that in a real application, you may want to avoid the use of wildcards in y
+**Note** The sample also allows passing arguments to specify additional data your custom authorizer may need. The snippets below assume that the custom authorizer does not need these additional parameters, but in the general case, you will almost always need some of them depending on the authorizer's configuration and the associated Lambda function's internals.
+* `--custom_auth_username` - opaque string value passed to the authorizer via an MQTT Connect packet. The authorizer's Lambda can check this value from the event JSON value it receives as input: `event.protocolData.mqtt.username`
+* `--custom_auth_password` - opaque binary value passed to the authorizer via an MQTT Connect packet. The authorizer's Lambda can check this value from the event JSON value it receives as input: `event.protocolData.mqtt.password`
+* `--custom_auth_token_key_name` - (Signed authorizers only) The query string parameter name that the token value should be bound to in the MQTT Connect packet.
+* `--custom_auth_token_value` - (Signed authorizers only) An arbitrary value chosen by the user. The user must also submit a digital signature of this value using the private key associated with the authorizer.
+* `--custom_auth_authorizer_signature` - (Signed authorizers only) a digital signature of the value of the `--custom_auth_token_value` parameter using the private key associated with the authorizer. The binary signature value must be base64 encoded and then URI encoded; the SDK will not do this for you.
+
 # How to run
 To run the Custom Authorizer connect use the following command:
@@ -42,5 +49,3 @@ To run the Custom Authorizer connect use the following command:
 ``` sh
 ./custom-authorizer-connect --endpoint --custom_auth_authorizer_name
 ```
-
-**Note** The sample also allows passing additional arguments (`--custom_auth_username`, `--custom_auth_password`, and `custom_auth_authorizer_signature`) to fullfil the additional data your custom authorizer may need. The examples above assume that the custom authorizer does not need these additional parameters.
diff --git a/samples/mqtt/custom_authorizer_connect/main.cpp b/samples/mqtt/custom_authorizer_connect/main.cpp
index db8785da1..4ad65defd 100644
--- a/samples/mqtt/custom_authorizer_connect/main.cpp
+++ b/samples/mqtt/custom_authorizer_connect/main.cpp
@@ -32,7 +32,9 @@ int main(int argc, char *argv[])
 cmdData.input_customAuthUsername,
 cmdData.input_customAuthorizerName,
 cmdData.input_customAuthorizerSignature,
- cmdData.input_customAuthPassword);
+ cmdData.input_customAuthPassword,
+ cmdData.input_customAuthTokenKeyName,
+ cmdData.input_customAuthTokenValue);
 // Create the MQTT connection from the MQTT builder
 auto clientConfig = clientConfigBuilder.Build();
diff --git a/samples/utils/CommandLineUtils.cpp b/samples/utils/CommandLineUtils.cpp
index 40e08b79a..60e73f79d 100644
--- a/samples/utils/CommandLineUtils.cpp
+++ b/samples/utils/CommandLineUtils.cpp
@@ -40,6 +40,8 @@ namespace Utils
 static const char *m_cmd_custom_auth_authorizer_name = "custom_auth_authorizer_name";
 static const char *m_cmd_custom_auth_authorizer_signature = "custom_auth_authorizer_signature";
 static const char *m_cmd_custom_auth_password = "custom_auth_password";
+ static const char *m_cmd_custom_auth_token_key_name = "custom_auth_token_key_name";
+ static const char *m_cmd_custom_auth_token_value = "custom_auth_token_value";
 static const char *m_cmd_verbosity = "verbosity";
 static const char *m_cmd_log_file = "log_file";
 static const char *m_cmd_cognito_identity = "cognito_identity";
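Review bot: In the main.cpp hunk (@@ -32,7 +32,9) the three signed-authorizer inputs are forwarded to the builder independently, so a run that passes `--custom_auth_authorizer_signature` without `--custom_auth_token_key_name`/`--custom_auth_token_value` (or any other partial combination) still reaches `Build()` with empty strings for the missing pieces; the connection attempt will presumably fail at the authorizer rather than at argument time, with nothing in the sample saying why. A fail-fast check before the builder call, shown below, would surface the mistake locally; the call itself and the rest of `main` start outside the hunk. The same gap applies to the parsing hunk at @@ -612,6 and the help strings at @@ -260,11 in CommandLineUtils.cpp, either of which could also state that the three options must be given together.
```cpp
    // Signed authorizers need all three inputs; reject a partial set here instead of sending a CONNECT that cannot succeed.
    const bool anySigned = !cmdData.input_customAuthorizerSignature.empty() ||
                           !cmdData.input_customAuthTokenKeyName.empty() || !cmdData.input_customAuthTokenValue.empty();
    const bool allSigned = !cmdData.input_customAuthorizerSignature.empty() &&
                           !cmdData.input_customAuthTokenKeyName.empty() && !cmdData.input_customAuthTokenValue.empty();
    if (anySigned && !allSigned)
    {
        fprintf(stderr, "custom_auth_authorizer_signature, custom_auth_token_key_name and custom_auth_token_value must be given together\n");
        exit(-1);
    }
    // … unchanged: builder call with the six custom-auth arguments, then clientConfigBuilder.Build() …
```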
@@ -260,11 +262,19 @@ namespace Utils
 RegisterCommand(
 m_cmd_custom_auth_authorizer_signature,
 "",
- "The signature to send when connecting through a custom authorizer (optional)");
+ "(Signed authorizers only) a digital signature of the value of the `--custom_auth_token_value` parameter using the private key associated with the authorizer. The binary signature value must be base64 encoded and then URI encoded; the SDK will not do this for you. (optional)");
 RegisterCommand(
 m_cmd_custom_auth_password,
 "",
 "The password to send when connecting through a custom authorizer (optional)");
+ RegisterCommand(
+ m_cmd_custom_auth_token_key_name,
+ "",
+ "(Signed authorizers only) The query string parameter name that the token value should be bound to in the MQTT Connect packet. (optional)");
+ RegisterCommand(
+ m_cmd_custom_auth_token_value,
+ "",
+ "(Signed authorizers only) An arbitrary value chosen by the user. The user must also submit a digital signature of this value using the private key associated with the authorizer. (optional)");
 }
 void CommandLineUtils::AddCognitoCommands()
@@ -612,6 +622,8 @@ namespace Utils
 returnData.input_customAuthorizerSignature = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_authorizer_signature, "");
 returnData.input_customAuthPassword = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_password, "");
+ returnData.input_customAuthTokenKeyName = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_token_key_name, "");
+ returnData.input_customAuthTokenValue = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_token_value, "");
 return returnData;
 }
diff --git a/samples/utils/CommandLineUtils.h b/samples/utils/CommandLineUtils.h
index 16c7b2db0..89875c538 100644
--- a/samples/utils/CommandLineUtils.h
+++ b/samples/utils/CommandLineUtils.h
@@ -228,6 +228,8 @@ namespace Utils
 Aws::Crt::String input_customAuthorizerName;
 Aws::Crt::String input_customAuthorizerSignature;
 Aws::Crt::String input_customAuthPassword;
+ Aws::Crt::String input_customAuthTokenKeyName;
+ Aws::Crt::String input_customAuthTokenValue;
 // Fleet provisioning
 Aws::Crt::String input_templateName;
 Aws::Crt::String input_templateParameters;
From afc6c0bfbf121663033305250171cd2fbf7e4143 Mon Sep 17 00:00:00 2001
From: Bret Ambrose
Date: Thu, 9 Nov 2023 10:28:45 -0800
Subject: [PATCH 2/3] Format
---
 samples/utils/CommandLineUtils.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/samples/utils/CommandLineUtils.cpp b/samples/utils/CommandLineUtils.cpp
index 60e73f79d..690a6f373 100644
--- a/samples/utils/CommandLineUtils.cpp
+++ b/samples/utils/CommandLineUtils.cpp
@@ -262,7 +262,9 @@ namespace Utils
 RegisterCommand(
 m_cmd_custom_auth_authorizer_signature,
 "",
- "(Signed authorizers only) a digital signature of the value of the `--custom_auth_token_value` parameter using the private key associated with the authorizer. The binary signature value must be base64 encoded and then URI encoded; the SDK will not do this for you. (optional)");
+ "(Signed authorizers only) a digital signature of the value of the `--custom_auth_token_value` parameter "
+ "using the private key associated with the authorizer. The binary signature value must be base64 encoded "
+ "and then URI encoded; the SDK will not do this for you. (optional)");
 RegisterCommand(
 m_cmd_custom_auth_password,
 "",
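Review bot: The two members added in the CommandLineUtils.h hunk (@@ -228,6 +228,8) carry no comment, so a reader of the header cannot tell that they apply only to signed authorizers or that they are meaningful only together with `input_customAuthorizerSignature`; that information currently lives only in the README and the help strings of this series. A one-line comment above them, e.g. `// Signed custom authorizers only: query-string key the token is bound to, and the token value itself; used together with input_customAuthorizerSignature`, would keep the contract next to the fields, matching the `// Fleet provisioning` group marker below. The enclosing struct starts and ends outside the hunk.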
@@ -270,11 +272,13 @@ namespace Utils
 RegisterCommand(
 m_cmd_custom_auth_token_key_name,
 "",
- "(Signed authorizers only) The query string parameter name that the token value should be bound to in the MQTT Connect packet. (optional)");
+ "(Signed authorizers only) The query string parameter name that the token value should be bound to in the "
+ "MQTT Connect packet. (optional)");
 RegisterCommand(
 m_cmd_custom_auth_token_value,
 "",
- "(Signed authorizers only) An arbitrary value chosen by the user. The user must also submit a digital signature of this value using the private key associated with the authorizer. (optional)");
+ "(Signed authorizers only) An arbitrary value chosen by the user. The user must also submit a digital "
+ "signature of this value using the private key associated with the authorizer. (optional)");
 }
 void CommandLineUtils::AddCognitoCommands()
From 19146910b09633193d7c49c486bbf8788b10f58e Mon Sep 17 00:00:00 2001
From: Bret Ambrose
Date: Thu, 9 Nov 2023 10:33:31 -0800
Subject: [PATCH 3/3] Update submodules to latest
---
 crt/aws-crt-cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crt/aws-crt-cpp b/crt/aws-crt-cpp
index 8fe495c42..a7fc0969e 160000
--- a/crt/aws-crt-cpp
+++ b/crt/aws-crt-cpp
@@ -1 +1 @@
-Subproject commit 8fe495c4238ad1cf3a91e2ec7c7b8349a7cd4bd5
+Subproject commit a7fc0969ea3508e5aae01289cd17be9cdc98ffad