feat: add authorizer enhanced context

src/config/offline-default.req.vm

@@ -11,6 +11,25 @@
   "body": $input.json("$"),
   "method": "$context.httpMethod",
   "principalId": "$context.authorizer.principalId",
+  "stage": "$context.stage",
+  "cognitoPoolClaims" : {
+      "sub": "$context.authorizer.claims.sub"
+  },
+  #set( $map = $context.authorizer )
+  ## see https://github.com/serverless/serverless/issues/4374
+  "enhancedAuthContext": {
+    #foreach($key in $map.keySet())
+      ## The claims are not part of the enhancedAuthContext in serverless and should be excluded.
+      ## However it is more practical to set this property to null as defined in
+      ## https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference
+      #if($key == "claims")
+      "$key": null
+      #else
+      "$key": "$util.escapeJavaScript($map.get($key))"
+      #end
+      #if($foreach.hasNext),#end
+    #end
+  },
   #set( $map = $input.params().header )
   "headers": $loop,
   #set( $map = $input.params().querystring )
@@ -20,5 +39,6 @@
   #set( $map = $context.identity )
   "identity": $loop,
   #set( $map = $stageVariables )
-  "stageVariables": $loop
+  "stageVariables": $loop,
+  "requestPath": "$context.resourcePath"
 }

src/createAuthScheme.js

@@ -132,6 +132,8 @@ module.exports = function createAuthScheme(
 
       event.methodArn = `arn:aws:execute-api:${options.region}:${accountId}:${apiId}/${options.stage}/${httpMethod}${resourcePath}`;
 
+      event.enhancedAuthContext = {};
+
       event.requestContext = {
         accountId,
         apiId,
@@ -217,16 +219,22 @@ module.exports = function createAuthScheme(
 
               serverlessLog(
                 `Authorization function returned a successful response: (λ: ${authFunName})`,
-                policy,
               );
 
+              const authorizer = {
+                principalId: policy.principalId,
+                integrationLatency: '42',
+                ...policy.context,
+              };
+
               // Set the credentials for the rest of the pipeline
               return resolve(
                 h.authenticated({
                   credentials: {
                     context: policy.context,
                     usageIdentifierKey: policy.usageIdentifierKey,
-                    user: policy.principalId,
+                    principalId: policy.principalId,
+                    authorizer,
                   },
                 }),
               );

src/createLambdaProxyEvent.js

@@ -18,7 +18,7 @@ module.exports = function createLambdaProxyEvent(
   stageVariables,
 ) {
   const authPrincipalId =
-    request.auth && request.auth.credentials && request.auth.credentials.user;
+    request.auth && request.auth.credentials && request.auth.credentials.principalId;
   const authContext =
     (request.auth &&
       request.auth.credentials &&

src/createVelocityContext.js

@@ -26,8 +26,10 @@ function escapeJavaScript(x) {
 */
 module.exports = function createVelocityContext(request, options, payload) {
   const path = (x) => jsonPath(payload || {}, x);
-  const authPrincipalId =
-    request.auth && request.auth.credentials && request.auth.credentials.user;
+  const authPrincipalId = request.auth && request.auth.credentials && request.auth.credentials.principalId;
+  let authorizer = request.auth
+    && request.auth.credentials
+    && request.auth.credentials.authorizer;
   const headers = request.unprocessedHeaders;
 
   let token = headers && (headers.Authorization || headers.authorization);
@@ -36,11 +38,18 @@ module.exports = function createVelocityContext(request, options, payload) {
     [, token] = token.split(' ');
   }
 
-  let claims;
+  if (!authorizer) authorizer = {};
+  authorizer.principalId = authPrincipalId
+    || process.env.PRINCIPAL_ID
+    || 'offlineContext_authorizer_principalId'; // See #24
+
 
   if (token) {
     try {
-      claims = decode(token) || undefined;
+      const claims = decode(token) || undefined;
+      if (claims) {
+        Object.assign(authorizer, { claims });
+      }
     } catch (err) {
       // Nothing
     }
@@ -49,13 +58,7 @@ module.exports = function createVelocityContext(request, options, payload) {
   return {
     context: {
       apiId: 'offlineContext_apiId',
-      authorizer: {
-        principalId:
-          authPrincipalId ||
-          process.env.PRINCIPAL_ID ||
-          'offlineContext_authorizer_principalId', // See #24
-        claims,
-      },
+      authorizer,
       httpMethod: request.method.toUpperCase(),
       identity: {
         accountId: 'offlineContext_accountId',
@@ -82,10 +85,10 @@ module.exports = function createVelocityContext(request, options, payload) {
         typeof x === 'string'
           ? request.params[x] || request.query[x] || headers[x]
           : {
-              header: headers,
-              path: Object.assign({}, request.params),
-              querystring: Object.assign({}, request.query),
-            },
+            header: headers,
+            path: Object.assign({}, request.params),
+            querystring: Object.assign({}, request.query),
+          },
     },
     stageVariables: options.stageVariables,
     util: {