
Unable to retrieve a value of a claim if it's an object #570

Open

@emmaLP

Is your feature request related to a problem? Please describe.
We are using the API Gateway HTTP API (v2) with the standard JWT authorizer. Our JWT has custom claims that are within an object. This library sets claims as map[string]string, which takes the object and stores it as the string 'map[key:value]', which then cannot be unmarshalled, and the value of the key within the object cannot be retrieved.

Our code to attempt to get a value from an object-based claim:

claims := request.RequestContext.Authorizer.JWT.Claims

// _globalNamespace is the name of the object-valued custom claim
namespace, ok := claims[_globalNamespace]
if !ok {
	return "", false
}

log.Printf("namespace: (%v) with type (%T)", namespace, namespace)

Value when printed to CloudWatch looks like this:

namespace: (map[key:value]) with type (string)

Describe the solution you'd like
JWT claims to be a map[string]interface{} so we can retrieve the data within object based claims.

Ideally this line should be map[string]interface{}
https://github.com/aws/aws-lambda-go/blob/main/events/apigw.go#L93

Describe alternatives you've considered
We have to use a jwt.Parser to pull out the claims that are an object within the Lambda, which seems counterproductive and less efficient, parsing the JWT token twice:

authHeader := request.Headers["authorization"]
// Split "Bearer <token>"
tokenString := strings.Split(authHeader, " ")[1]
// Parse the JWT token without validating (for the purpose of extracting claims);
// the gateway's JWT authorizer has already verified it before the Lambda runs
token, _, _ := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
customClaims, ok := token.Claims.(jwt.MapClaims)[_globalNamespace].(map[string]interface{})
if !ok {
	return "", false // claim missing or not an object
}
valueInObjectClaim := customClaims["key"]

Additional context
Decrypted JWT token example (some data obscured for security purposes):

{
  "global-namespace": {
    "key": "value"
  },
  "iss": "https://auth..com/",
  "sub": "auth|1234",
  "aud": "aud.com",
  "iat": 1725883332,
  "exp": 1725969732,
  "scope": "email offline_access openid profile",
  "gty": "password",
  "azp": "152348"
}
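The following is an added example, not code from the issue author or from aws-lambda-go, showing what the issue describes end to end: how an object-valued claim collapses to the string "map[key:value]" once it is stored in a map[string]string, and how the nested value can be recovered from the Authorization header with only the standard library. The claim name "global-namespace" is taken from the decoded token above; the sample token, the header-parsing helper and the function names are constructed for this example. Like the ParseUnverified workaround in the issue, the payload decoding does not check the signature, so it is only appropriate behind the API Gateway JWT authorizer, which has already verified the token. Unlike the strings.Split(...)[1] in the workaround, the header parsing returns an error instead of panicking on a missing or malformed header.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claim name taken from the issue's decoded token; everything else is constructed.
const globalNamespace = "global-namespace"

// FlattenedClaim reproduces what a map[string]string claims map ends up holding
// for an object-valued claim: Go's %v rendering of the map, e.g. "map[key:value]".
// The JSON structure is lost at that point, so the string cannot be unmarshalled.
func FlattenedClaim(obj map[string]interface{}) string {
	return fmt.Sprintf("%v", obj)
}

// bearerToken extracts the raw JWT from an Authorization header value.
// It returns an error instead of panicking when the header is absent or
// not in "Bearer <token>" form.
func bearerToken(header string) (string, error) {
	scheme, token, found := strings.Cut(strings.TrimSpace(header), " ")
	if !found || !strings.EqualFold(scheme, "Bearer") || strings.TrimSpace(token) == "" {
		return "", errors.New("missing or malformed Bearer token")
	}
	return strings.TrimSpace(token), nil
}

// payloadClaims decodes the JWT payload segment into a generic map.
// It does not verify the signature: only call it behind a gateway
// authorizer that has already verified the token.
func payloadClaims(token string) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("token does not have three segments")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("decode payload: %w", err)
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, fmt.Errorf("unmarshal payload: %w", err)
	}
	return claims, nil
}

// NestedClaim returns claims[name][key] when claims[name] is a JSON object and
// the inner value is a string. These two type assertions are exactly what the
// map[string]string representation makes impossible.
func NestedClaim(claims map[string]interface{}, name, key string) (string, bool) {
	obj, ok := claims[name].(map[string]interface{})
	if !ok {
		return "", false
	}
	v, ok := obj[key].(string)
	return v, ok
}

// NamespaceValue is the end-to-end lookup: header -> token -> payload -> nested key.
func NamespaceValue(authHeader, key string) (string, error) {
	tok, err := bearerToken(authHeader)
	if err != nil {
		return "", err
	}
	claims, err := payloadClaims(tok)
	if err != nil {
		return "", err
	}
	v, ok := NestedClaim(claims, globalNamespace, key)
	if !ok {
		return "", fmt.Errorf("claim %q has no string key %q", globalNamespace, key)
	}
	return v, nil
}

// SampleToken builds a constructed token with the issue's claim shape.
// The signature segment is a placeholder; nothing in this example checks it.
func SampleToken() string {
	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	payload, _ := json.Marshal(map[string]interface{}{
		globalNamespace: map[string]interface{}{"key": "value"},
		"sub":           "auth|1234",
	})
	return header + "." + base64.RawURLEncoding.EncodeToString(payload) + ".placeholder-signature"
}

func main() {
	fmt.Println("flattened:", FlattenedClaim(map[string]interface{}{"key": "value"}))
	v, err := NamespaceValue("Bearer "+SampleToken(), "key")
	fmt.Println("nested:", v, err)
	_, err = NamespaceValue("Basic abc", "key")
	fmt.Println("malformed header:", err)
}
```

If the Claims field were changed to map[string]interface{} as the issue proposes, NestedClaim could be applied directly to request.RequestContext.Authorizer.JWT.Claims and the second decode of the token would not be needed.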
