Description
Is your feature request related to a problem? Please describe.
We are using API HTTP (v2) Gateway with the standard JWT authorizer. Our JWT has custom claims that are within an object. This library sets claims as map[string]string, which then takes the object and sets a string of 'map[key:value]', which we are then not able to unmarshal or use to get the value of the key within the object.
Our code to attempt to get a value from an object-based claim:
```go
claims := request.RequestContext.Authorizer.JWT.Claims
namespace, ok := claims[_globalNamespace]
if !ok {
	return "", false
}
log.Printf("namespace: (%v) with type (%T)", namespace, namespace)
```
Value when printed into CloudWatch looks like this:
```
namespace: (map[key:value]) with type (string)
```
Describe the solution you'd like
JWT claims to be a map[string]interface{} so we can retrieve the data within object based claims.
Ideally this line should be map[string]interface{}
https://github.com/aws/aws-lambda-go/blob/main/events/apigw.go#L93
Describe alternatives you've considered
We are having to use a jwt.Parser to pull out the claims that are an object within the Lambda, which seems counterproductive and less efficient, as it parses the JWT token twice.
```go
authHeader := request.Headers["authorization"]
// Strip the "Bearer " prefix from "Bearer <token>"
tokenString := strings.TrimPrefix(authHeader, "Bearer ")
// Parse the JWT token without validating (for the purpose of extracting claims)
token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
if err != nil {
	return "", false
}
customClaims, ok := token.Claims.(jwt.MapClaims)[_globalNamespace].(map[string]interface{})
if !ok {
	return "", false
}
valueInObjectClaim := customClaims["key"]
```
Additional context
Decrypted JWT token example (some data obscured for security purposes)
```json
{
  "global-namespace": {
    "key": "value"
  },
  "iss": "https://auth..com/",
  "sub": "auth|1234",
  "aud": "aud.com",
  "iat": 1725883332,
  "exp": 1725969732,
  "scope": "email offline_access openid profile",
  "gty": "password",
  "azp": "152348"
}
```
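The workaround described in this issue, as an added example that is not code from the issue author or from aws-lambda-go: it reads an object claim from the bearer token using only the standard library and accepts the token only if its `iss` and `sub` match the claims the gateway already verified. It assumes the API Gateway JWT authorizer validated the signature and takes the token from the `authorization` header; `objectClaim` and `sampleHeader` are hypothetical names, and the sample token and issuer are constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// objectClaim returns the object-valued claim `name` from the bearer token.
// It does NOT verify the signature: it assumes the API Gateway JWT authorizer
// did, and rejects a token whose iss/sub differ from `verified`, the string
// claims the authorizer passed in (RequestContext.Authorizer.JWT.Claims).
func objectClaim(authHeader string, verified map[string]string, name string) (map[string]interface{}, error) {
	scheme, token, ok := strings.Cut(authHeader, " ")
	parts := strings.Split(token, ".")
	if !ok || !strings.EqualFold(scheme, "Bearer") || len(parts) != 3 {
		return nil, fmt.Errorf("authorization header is not a bearer JWT")
	}
	var claims map[string]interface{}
	dec := json.NewDecoder(base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(parts[1])))
	if err := dec.Decode(&claims); err != nil {
		return nil, fmt.Errorf("payload is not base64url JSON: %w", err)
	}
	for _, k := range []string{"iss", "sub"} {
		if s, _ := claims[k].(string); s == "" || s != verified[k] {
			return nil, fmt.Errorf("claim %q differs from the authorizer-verified value", k)
		}
	}
	obj, ok := claims[name].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("claim %q is missing or not an object", name)
	}
	return obj, nil
}

// sampleHeader builds a constructed, unsigned token shaped like the issue's payload.
func sampleHeader(sub string) string {
	enc := base64.RawURLEncoding.EncodeToString
	payload := `{"global-namespace":{"key":"value"},"iss":"https://auth.example/","sub":"` + sub + `"}`
	return "Bearer " + enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(payload)) + "." + enc([]byte("constructed"))
}

func main() {
	verified := map[string]string{"iss": "https://auth.example/", "sub": "auth|1234", "global-namespace": "map[key:value]"}
	obj, err := objectClaim(sampleHeader("auth|1234"), verified, "global-namespace")
	fmt.Println(obj["key"], err)
}
```

The `iss`/`sub` comparison matters when the authorizer's identity source is not the header being re-parsed, because in that case the token read here was never verified.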