aws · ssenchenko · Dec 16, 2022 · Dec 15, 2022 · Dec 15, 2022 · Dec 15, 2022
@@ -1,4 +1,4 @@
-from typing import Any, Dict, List, Optional
+from typing import Any, Dict, List, Optional, Union
 
 from samtranslator.model import PropertyType, Resource
 from samtranslator.model.types import is_type, one_of, is_str, list_of
@@ -69,6 +69,11 @@ class ApiGatewayV2ApiMapping(Resource):
     }
 
 
+# https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/apis-apiid-authorizers-authorizerid.html#apis-apiid-authorizers-authorizerid-model-jwtconfiguration
+# Change to TypedDict when we don't have to support Python 3.7
+JwtConfiguration = Dict[str, Union[str, List[str]]]
+
+
 class ApiGatewayV2Authorizer(object):
     def __init__(  # type: ignore[no-untyped-def]
         self,
@@ -90,7 +95,7 @@ def __init__(  # type: ignore[no-untyped-def]
         self.api_logical_id = api_logical_id
         self.name = name
         self.authorization_scopes = authorization_scopes
-        self.jwt_configuration = jwt_configuration
+        self.jwt_configuration: Optional[JwtConfiguration] = self._get_jwt_configuration(jwt_configuration)
         self.id_source = id_source
         self.function_arn = function_arn
         self.function_invoke_role = function_invoke_role
@@ -299,3 +304,30 @@ def _get_reauthorize_every(self):  # type: ignore[no-untyped-def]
             return None
 
         return self.identity.get("ReauthorizeEvery")
+
+    @staticmethod
+    def _get_jwt_configuration(props: Optional[Dict[str, Union[str, List[str]]]]) -> Optional[JwtConfiguration]:
+        """Make sure that JWT configuration dict keys are lower case.
+
+        ApiGatewayV2Authorizer doesn't create `AWS::ApiGatewayV2::Authorizer` but generates
+        Open Api which will be appended to the API's Open Api definition body.
+        For Open Api JWT configuration keys should be in lower case.
+        But for `AWS::ApiGatewayV2::Authorizer` the same keys are capitalized,
+        the way it's usually done in CloudFormation resources.
+        Users get often confused when passing capitalized key to `AWS::Serverless::HttpApi` doesn't work.
+        There exist a comment about that in the documentation
+        https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-httpapi-oauth2authorizer.html#sam-httpapi-oauth2authorizer-jwtconfiguration
+        but the comment doesn't prevent users from making the error.
+
+        Parameters
+        ----------
+        props
+            jwt configuration dict with the keys either lower case or capitalized
+
+        Returns
+        -------
+            jwt configuration dict with low case keys
+        """
+        if not props:
+            return None
+        return {k.lower(): v for k, v in props.items()}
@@ -62,9 +62,9 @@ Resources:
             - scope
             IdentitySource: $request.header.Authorization
             JwtConfiguration:
-              audience:
+              Audience:
               - audience1
               - audience2
-              issuer: https://www.example.com/v1/connect/oidc
+              Issuer: https://www.example.com/v1/connect/oidc
         DefaultAuthorizer: LambdaAuth
         EnableIamAuthorizer: true