Skip to content

Added FromCustomAuthorizerAttribute and tests. #1466

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
kabaluk wants to merge 13 commits into
base: dev
Choose a base branch
from
Draft

Added FromCustomAuthorizerAttribute and tests. #1466

kabaluk wants to merge 13 commits into from

Conversation

@kabaluk
Copy link
Contributor

@kabaluk kabaluk commented Mar 26, 2023

Description of changes:
Added FromCustomAuthorizerAttribute and tests.
This will allow to retrieve values from CustomAuthorizer context without having to receive the full APIGatewayProxyRequest or APIGatewayHttpApiV2ProxyRequest..

Both REST and HttpApi supported

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

normj
normj requested changes Mar 28, 2023
View reviewed changes
Copy link
Member

@normj normj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool PR!

Can you fix the whitespaces changes to the LambdaFunctionTemplate.tt file? The whole file is looks different.

Who should we handle the other type of authorizer properties. For example on the APIGatewayHttpApiV2ProxyRequest besides the Lambda property there is also Jwt and IAM properties. Should we make the string accessing the authorizer field have the prefix of the property.

@kabaluk
Copy link
Contributor Author

kabaluk commented Mar 29, 2023
edited
Loading

Wiil do my best with the withspace.
The other types of authorizer are not custom authorizers as far as i am aware.
I would not create string prefixes.
We could create an iam authorizer attribute and a jwt authorizer attribute and those wold look on the respective locations...

@kabaluk
Copy link
Contributor Author

kabaluk commented Mar 30, 2023
edited
Loading

don't seem to be able to fix the whitespace issue to save my life :(
Please review ignoring whitespace ?? Maybe?

Tried setting EOL to LF and CR, both cause problems with the generated file. The correct one seems to be CRLF .
but obviously git doens't like it :(

Please feel free to edit.

@kabaluk kabaluk requested a review from normj March 30, 2023 01:09
@kabaluk
Copy link
Contributor Author

kabaluk commented May 4, 2023

Would be really nice to get this avail;able. I will gladly fix the conflicts if this can be looked at again.

@kabaluk
Copy link
Contributor Author

kabaluk commented May 8, 2023

I can see you did a major refactoring in the dev branch will push again once released.

If i might be so bold, I looked at what you did.
why not take it one step further and separate each attribute into it's own file?
Talking about the APIGatewaySetupParameters.tt
Breaking that file down, using the technique you used before, would make it much easier to add new attributes in the future

Just a thought.

@normj
Copy link
Member

normj commented May 9, 2023

@kabaluk I suspect adding new attributes would be done in separate files. For example if we added SQS or S3 I would put them in separate TT. One of my goals with the refactor was to make it easier to add new attributes as the previous monolithic tt file was really hard to reconcile with. HttpApi and RestApi attributes are 9X percent the same code so I didn't really want to make 2 separate tt files for each one of those. Plus I thought the parameter setup was getting pretty long so I was looking for some separation which is why I divided the parameter setup and the invoke. I suspect in SQS or S3 use cases the parameter setup wouldn't be so complicated.

Another goal I had was I wanted to generate the exact same code including whitespaces to make the PR review easier and then later I could do more specific refactoring. Otherwise the PR review would have been every line is different and that is hard to review. But going forward I could see putting each of the FromXXX in a separate tt file as well.

@kabaluk
Copy link
Contributor Author

kabaluk commented May 9, 2023

@kabaluk I suspect adding new attributes would be done in separate files. For example if we added SQS or S3 I would put them in separate TT. One of my goals with the refactor was to make it easier to add new attributes as the previous monolithic tt file was really hard to reconcile with. HttpApi and RestApi attributes are 9X percent the same code so I didn't really want to make 2 separate tt files for each one of those. Plus I thought the parameter setup was getting pretty long so I was looking for some separation which is why I divided the parameter setup and the invoke. I suspect in SQS or S3 use cases the parameter setup wouldn't be so complicated.

Another goal I had was I wanted to generate the exact same code including whitespaces to make the PR review easier and then later I could do more specific refactoring. Otherwise the PR review would have been every line is different and that is hard to review. But going forward I could see putting each of the FromXXX in a separate tt file as well.

I was talking specifically of the FromXXX attributes. Apologies, I should have been more explicit. Sounds like a great change and it would make it a lot easier to add and test more FromXXX attributes. Looking forward to have that in main so i can re add the FromCustomAuthorizer attribute.
Even started looking on how to do the FromJwt. 😄

@kabaluk
Copy link
Contributor Author

kabaluk commented May 11, 2023
edited
Loading

Readded CustomAuthorizerAttribute..

Hope you like it :)

@kabaluk
Copy link
Contributor Author

kabaluk commented May 18, 2023

Any possibility of having this looked at again, please?

normj
normj requested changes May 19, 2023
View reviewed changes
Copy link
Member

@normj normj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did an initial scan and it looks good. I had one comment so far. I need to test the experience end to end next. I'll try and find time to do that soon.

@ashishdhingra
Copy link
Contributor

ashishdhingra commented Sep 1, 2023

@kabaluk Please review the last review comment from @normj and see if you are able to address it.

@ashishdhingra ashishdhingra added module/aspnetcore-support p2 This is a standard priority issue feature-request A feature should be added or improved. queued labels Sep 1, 2023
@kabaluk
Copy link
Contributor Author

kabaluk commented Sep 3, 2023

@kabaluk Please review the last review comment from @normj and see if you are able to address it.

Please have a look.

@kabaluk kabaluk requested review from normj and philasmar September 3, 2023 20:26
@GarrettBeatty GarrettBeatty changed the base branch from master to dev August 21, 2025 15:24
@GarrettBeatty GarrettBeatty marked this pull request as draft January 28, 2026 16:51
@GarrettBeatty
Copy link
Contributor

GarrettBeatty commented Jan 28, 2026

im working on rebasing this

@GarrettBeatty GarrettBeatty force-pushed the add-from-custom-authorizer-attribute branch from f14bd0b to 48afb69 Compare January 28, 2026 17:51
GarrettBeatty
GarrettBeatty reviewed Jan 28, 2026
View reviewed changes
Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Templates/APIGatewaySetupParameters.tt
try
{
var __authValue_<#= parameter.Name #>__ = __request__.RequestContext.Authorizer["<#= authKey #>"];
<#= parameter.Name #> = (<#= parameter.Type.FullName #>)Convert.ChangeType(__authValue_<#= parameter.Name #>__?.ToString(), typeof(<#= parameter.Type.FullNameWithoutAnnotations #>));
Copy link
Contributor

@GarrettBeatty GarrettBeatty Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why We Need .ToString() for Custom Authorizer Values

The Data Flow

  1. Authorizer Lambda returns context: When your custom authorizer runs, it returns a context dictionary:

    Context = new Dictionary<string, object>
{
    { "userId", "12345" },
    { "permissions", "admin" }
}

  2. API Gateway passes this to the protected Lambda in the request payload as JSON:

    {
  "requestContext": {
    "authorizer": {
      "userId": "12345",
      "permissions": "admin"
    }
  }
}

  3. Lambda deserializes the request using the configured serializer (System.Text.Json or Newtonsoft.Json).

The Problem: Dictionary<string, object> Deserialization

The Authorizer property is typed as Dictionary<string, object>:

public class APIGatewayCustomAuthorizerContext : Dictionary<string, object>

When the serializer encounters a JSON value like "12345" and needs to deserialize it into object, it doesn't know what concrete type to use. So:

  • System.Text.Json wraps it in a JsonElement struct
  • Newtonsoft.Json wraps it in a JToken (like JValue)

so rather than having statements like


if (__authValue__ is System.Text.Json.JsonElement jsonElement)
{
    userId = Convert.ChangeType(jsonElement.ToString(), typeof(string));
}

i just call toString which both of these serializers have.

not sure if there is a better way

Copy link
Contributor

@GarrettBeatty GarrettBeatty Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@normj not sure if you have any better ideas here of it ToString is good enough

@GarrettBeatty GarrettBeatty requested a review from Copilot January 28, 2026 21:01
Copilot AI reviewed Jan 28, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new [FromCustomAuthorizer] parameter-binding attribute to AWS Lambda Annotations so Lambda handlers can directly receive values from API Gateway custom authorizer context (REST API + HTTP API), along with generator/template updates and accompanying tests/examples.

Changes:

  • Introduce FromCustomAuthorizerAttribute and wire it into the source generator attribute modeling and parameter setup templates.
  • Add source-generator snapshot tests and update test templates/examples to validate generated output.
  • Add a new test application (TestCustomAuthorizerApp) and update docs to demonstrate usage.

Reviewed changes

Copilot reviewed 22 out of 22 changed files in this pull request and generated 13 comments.

Show a summary per file
File Description
Libraries/test/TestServerlessApp/serverless.template Adds new test function resources for custom authorizer examples.
Libraries/test/TestServerlessApp/CustomAuthorizerRestExample.cs REST API example using [FromCustomAuthorizer].
Libraries/test/TestServerlessApp/CustomAuthorizerHttpApiExample.cs HTTP API example using [FromCustomAuthorizer].
Libraries/test/TestCustomAuthorizerApp/serverless.template New demo stack showing HTTP API + REST API Lambda authorizers and protected endpoints.
Libraries/test/TestCustomAuthorizerApp/aws-lambda-tools-defaults.json Deployment defaults for the new demo app.
Libraries/test/TestCustomAuthorizerApp/TestCustomAuthorizerApp.csproj New demo project configuration and references.
Libraries/test/TestCustomAuthorizerApp/README.md Demo documentation and usage instructions.
Libraries/test/TestCustomAuthorizerApp/ProtectedFunction.cs Demo functions showing authorizer-context usage.
Libraries/test/TestCustomAuthorizerApp/AuthorizerFunction.cs Demo authorizer implementations for HTTP API and REST API.
Libraries/test/Amazon.Lambda.Annotations.SourceGenerators.Tests/SourceGeneratorTests.cs Adds generator tests for REST + HTTP API (v2) custom authorizer extraction.
Libraries/test/Amazon.Lambda.Annotations.SourceGenerators.Tests/Snapshots/ServerlessTemplates/authorizerRest.template Snapshot of expected SAM template output for REST authorizer test.
Libraries/test/Amazon.Lambda.Annotations.SourceGenerators.Tests/Snapshots/ServerlessTemplates/authorizerHttpApi.template Snapshot of expected SAM template output for HTTP API authorizer test.
Libraries/test/Amazon.Lambda.Annotations.SourceGenerators.Tests/Snapshots/CustomAuthorizerRestExample_RestAuthorizer_Generated.g.cs Snapshot of expected generated handler for REST authorizer extraction.
Libraries/test/Amazon.Lambda.Annotations.SourceGenerators.Tests/Snapshots/CustomAuthorizerHttpApiExample_HttpApiAuthorizer_Generated.g.cs Snapshot of expected generated handler for HTTP API authorizer extraction.
Libraries/test/Amazon.Lambda.Annotations.SourceGenerators.Tests/Amazon.Lambda.Annotations.SourceGenerators.Tests.csproj Updates snapshot item handling for the new templates.
Libraries/src/Amazon.Lambda.Annotations/README.md Documents [FromCustomAuthorizer] usage and behavior.
Libraries/src/Amazon.Lambda.Annotations/APIGateway/FromCustomAuthorizerAttribute.cs Adds the new public attribute.
Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/TypeFullNames.cs Registers the new attribute type name for generator recognition.
Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Templates/APIGatewaySetupParameters.tt Adds template logic to extract values from authorizer context.
Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Templates/APIGatewaySetupParameters.cs Regenerated T4 output reflecting the new parameter extraction logic.
Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Models/Attributes/FromCustomAuthorizerAttributeBuilder.cs Adds attribute data builder for the generator model.
Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Models/Attributes/AttributeModelBuilder.cs Wires the new attribute builder into attribute model creation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@GarrettBeatty GarrettBeatty requested a review from Copilot January 29, 2026 17:32
Copilot AI reviewed Jan 29, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 25 out of 25 changed files in this pull request and generated 6 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@GarrettBeatty GarrettBeatty requested a review from Copilot January 29, 2026 18:29
Copilot AI reviewed Jan 29, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 28 out of 28 changed files in this pull request and generated 7 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@GarrettBeatty GarrettBeatty requested a review from Copilot January 29, 2026 18:59
Copilot AI reviewed Jan 29, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 31 out of 31 changed files in this pull request and generated 8 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GarrettBeatty GarrettBeatty GarrettBeatty left review comments

Copilot code review Copilot Copilot left review comments

@normj normj Awaiting requested review from normj

@philasmar philasmar Awaiting requested review from philasmar

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

feature-request A feature should be added or improved. module/aspnetcore-support p2 This is a standard priority issue queued

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@kabaluk @normj @ashishdhingra @GarrettBeatty @philasmar