Amazon web services 网关V2 API的AWS websocket$connect路径的返回对象要求是什么_Amazon Web Services_Websocket_Aws Api Gateway_Terraform Provider Aws_Lambda Authorizer

Amazon web services 网关V2 API的AWS websocket$connect路径的返回对象要求是什么

amazon-web-services websocket

Amazon web services 网关V2 API的AWS websocket$connect路径的返回对象要求是什么,amazon-web-services,websocket,aws-api-gateway,terraform-provider-aws,lambda-authorizer,Amazon Web Services,Websocket,Aws Api Gateway,Terraform Provider Aws,Lambda Authorizer,我正在使用terraform创建一个带有AWS网关V2资源的websocket，例如AWS\u apigatewayv2\u路由和AWS\u apigatewayv2\u授权人当我的授权人lambda运行时，它通过headers.Auth从传入的“type”：“REQUEST”事件中获取令牌，该事件类似于“Bearer eyJmaWOiQiI3Y…JTMjU2In0.eyjxpwioi…”（一个很长的字符串）。代币是“持票人”之后的部分代码处理令牌以获取“kid”等等，并将其与从cognit

我正在使用terraform创建一个带有AWS网关V2资源的websocket，例如AWS\u apigatewayv2\u路由和AWS\u apigatewayv2\u授权人

当我的授权人lambda运行时，它通过headers.Auth从传入的

“type”：“REQUEST”

事件中获取令牌，该事件类似于“Bearer eyJmaWOiQiI3Y…JTMjU2In0.eyjxpwioi…”（一个很长的字符串）。代币是“持票人”之后的部分

代码处理令牌以获取“kid”等等，并将其与从cognito jwks.json文件检索到的密钥进行匹配（这是我从AWS网站某处获得的示例代码）

代码流通过“签名成功验证”点——到目前为止非常棒

问题是：授权人lambda应该返回什么

成功验证签名的示例代码指示应返回索赔对象。看起来是这样的：

claims:
{
    "sub": "2jjtzzzyyyxxx888g2pppp8sqqqqjagn",
    "token_use": "access",
    "scope": "transactions/post",
    "auth_time": 1596108906,
    "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_tZfQltfya",
    "exp": 1596112506,
    "iat": 1596108906,
    "version": 2,
    "jti": "f55a0c1d-b9ac-3b2f-b8da-0ee93335c828",
    "client_id": "2ku7unsnkde8g1i9n8s2usjbgo"
}

authResponse: 
{
    "principalId": "xxxyyyzzz", // <--- I have tried various things here.
    "policyDocument": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "execute-api:Invoke",
                "Effect": "Allow",
                "Resource": [
                    "arn:aws:execute-api:us-east-1:11122223334444:n10gr0cw7m/test-stage/POST/*"
                ]
            }
        ]
    }
}

其他示例代码指示应返回AuthResponse，如下所示：

claims:
{
    "sub": "2jjtzzzyyyxxx888g2pppp8sqqqqjagn",
    "token_use": "access",
    "scope": "transactions/post",
    "auth_time": 1596108906,
    "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_tZfQltfya",
    "exp": 1596112506,
    "iat": 1596108906,
    "version": 2,
    "jti": "f55a0c1d-b9ac-3b2f-b8da-0ee93335c828",
    "client_id": "2ku7unsnkde8g1i9n8s2usjbgo"
}

authResponse: 
{
    "principalId": "xxxyyyzzz", // <--- I have tried various things here.
    "policyDocument": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "execute-api:Invoke",
                "Effect": "Allow",
                "Resource": [
                    "arn:aws:execute-api:us-east-1:11122223334444:n10gr0cw7m/test-stage/POST/*"
                ]
            }
        ]
    }
}

authResponse:
{
“principalId”：“xxxyyzzz”，//网关APIV2授权人lambda应返回策略响应，但有一些修复
下面是一个带有注释的工作示例（同样，为了安全起见更改了一些值）：
{
//Cognito应用程序集成部分的“应用程序客户端ID”
“Princalid”：“7P9F415HNXXBFBCH17JNAENCC”，
“政策文件”：{
“版本”：“2012-10-17”，
“声明”：[
{
“行动”：[//