@liflig/cdk 3.1.1 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/lib/api-gateway/authorizer-lambdas/basic-auth-authorizer.d.ts +23 -2
  2. package/lib/api-gateway/authorizer-lambdas/basic-auth-authorizer.js +101 -18
  3. package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-authorizer.d.ts +8 -6
  4. package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-authorizer.js +7 -3
  5. package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-or-basic-auth-authorizer.d.ts +22 -10
  6. package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-or-basic-auth-authorizer.js +108 -22
  7. package/lib/api-gateway/http-api-gateway.d.ts +46 -14
  8. package/lib/api-gateway/http-api-gateway.js +5 -6
  9. package/package.json +3 -3
package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-or-basic-auth-authorizer.js CHANGED
@@ -1,14 +1,16 @@
1
1
  /**
2
2
  * This lambda verifies credentials:
3
- * - Against Cognito user pool if request uses Bearer token
3
+ * - Against Cognito user pool if request uses access token in Bearer authorization header
4
4
  * - Against credentials saved in Secret Manager if request uses basic auth (and if secret exists)
5
5
  *
6
6
  * Expects the following environment variables
7
7
  * - USER_POOL_ID
8
8
  * - BASIC_AUTH_CREDENTIALS_SECRET_NAME (optional)
9
- * - Secret value should follow this format: `{"username":"<username>","password":"<password>"}`
9
+ * - Secret value should follow this format: `{"username":"<username>","password":"<password>"}`.
10
+ * A different format with an array of pre-encoded credentials is also supported - see docs for
11
+ * the `CognitoUserPoolOrBasicAuthAuthorizerProps` on the `ApiGateway` construct.
10
12
  * - REQUIRED_SCOPE (optional)
11
- * - Set this to require that the bearer token payload contains the given scope
13
+ * - Set this to require that the access token payload contains the given scope
12
14
  */
13
15
  import { SecretsManager } from "@aws-sdk/client-secrets-manager";
14
16
  import { CognitoJwtVerifier } from "aws-jwt-verify";
@@ -17,7 +19,7 @@ export const handler = async (event) => {
17
19
  if (!authHeader) {
18
20
  return { isAuthorized: false };
19
21
  }
20
- const expectedBasicAuthHeader = await getExpectedBasicAuthHeader();
22
+ const expectedBasicAuthCredentials = await getExpectedBasicAuthCredentials();
21
23
  if (authHeader.startsWith("Bearer ")) {
22
24
  const result = await verifyAccessToken(authHeader.substring(7)); // substring(7) == after 'Bearer '
23
25
  switch (result) {
@@ -34,13 +36,25 @@ export const handler = async (event) => {
34
36
  isAuthorized: true,
35
37
  context: {
36
38
  clientId: result.client_id,
37
- internalAuthorizationHeader: expectedBasicAuthHeader,
39
+ internalAuthorizationHeader: expectedBasicAuthCredentials?.[0]?.basicAuthHeader,
38
40
  },
39
41
  };
40
42
  }
41
43
  }
42
- else if (authHeader.startsWith("Basic ")) {
43
- return { isAuthorized: authHeader === expectedBasicAuthHeader };
44
+ else if (authHeader.startsWith("Basic ") &&
45
+ expectedBasicAuthCredentials !== undefined) {
46
+ for (const expected of expectedBasicAuthCredentials) {
47
+ if (authHeader === expected.basicAuthHeader) {
48
+ return {
49
+ isAuthorized: true,
50
+ context: {
51
+ username: expected.username,
52
+ internalAuthorizationHeader: expected.basicAuthHeader,
53
+ },
54
+ };
55
+ }
56
+ }
57
+ return { isAuthorized: false };
44
58
  }
45
59
  else {
46
60
  return { isAuthorized: false };
@@ -96,25 +110,45 @@ export const dependencies = {
96
110
  createSecretsManager: () => new SecretsManager(),
97
111
  };
98
112
  /** Cache this value, so that subsequent lambda invocations don't have to refetch. */
99
- let cachedBasicAuthHeader = undefined;
100
- async function getExpectedBasicAuthHeader() {
101
- if (cachedBasicAuthHeader === undefined) {
113
+ let cachedBasicAuthCredentials = undefined;
114
+ /**
115
+ * Returns an array, to support credential secrets with multiple values (see
116
+ * `BasicAuthAuthorizerProps` on the `ApiGateway` construct for more on this).
117
+ */
118
+ async function getExpectedBasicAuthCredentials() {
119
+ if (cachedBasicAuthCredentials === undefined) {
102
120
  const secretName = process.env["BASIC_AUTH_CREDENTIALS_SECRET_NAME"];
103
121
  if (!secretName) {
104
122
  return undefined;
105
123
  }
106
- cachedBasicAuthHeader = await getSecretAsBasicAuthHeader(secretName);
124
+ cachedBasicAuthCredentials = await getBasicAuthCredentialsSecret(secretName);
107
125
  }
108
- return cachedBasicAuthHeader;
126
+ return cachedBasicAuthCredentials;
109
127
  }
110
- async function getSecretAsBasicAuthHeader(secretName) {
111
- const credentials = await getSecretValue(secretName);
112
- if (!secretHasExpectedFormat(credentials)) {
113
- console.error(`Basic auth credentials secret did not follow expected format (secret name: '${secretName}')`);
114
- throw new Error();
128
+ async function getBasicAuthCredentialsSecret(secretName) {
129
+ const secret = await getSecretValue(secretName);
130
+ if (isSingleUsernameAndPassword(secret)) {
131
+ const header = "Basic " +
132
+ Buffer.from(`${secret.username}:${secret.password}`).toString("base64");
133
+ return [{ basicAuthHeader: header, username: secret.username }];
115
134
  }
116
- return ("Basic " +
117
- Buffer.from(`${credentials.username}:${credentials.password}`).toString("base64"));
135
+ // See `BasicAuthAuthorizerProps` on the `ApiGateway` construct for an explanation of the formats
136
+ // we parse here
137
+ if (hasCredentialsKeyWithStringValue(secret)) {
138
+ let credentialsArray;
139
+ try {
140
+ credentialsArray = JSON.parse(secret.credentials);
141
+ }
142
+ catch (e) {
143
+ console.error(`Failed to parse credentials array in secret '${secretName}' as JSON`, e);
144
+ throw new Error();
145
+ }
146
+ if (isStringArray(credentialsArray)) {
147
+ return credentialsArray.map(parseEncodedBasicAuthCredentials);
148
+ }
149
+ }
150
+ console.error(`Basic auth credentials secret did not follow any expected format (secret name: '${secretName}')`);
151
+ throw new Error();
118
152
  }
119
153
  async function getSecretValue(secretName) {
120
154
  const client = dependencies.createSecretsManager();
@@ -123,9 +157,15 @@ async function getSecretValue(secretName) {
123
157
  console.error(`Secret value not found for '${secretName}'`);
124
158
  throw new Error();
125
159
  }
126
- return JSON.parse(secret.SecretString);
160
+ try {
161
+ return JSON.parse(secret.SecretString);
162
+ }
163
+ catch (e) {
164
+ console.error(`Failed to parse secret '${secretName}' as JSON:`, e);
165
+ throw new Error();
166
+ }
127
167
  }
128
- function secretHasExpectedFormat(value) {
168
+ function isSingleUsernameAndPassword(value) {
129
169
  return (typeof value === "object" &&
130
170
  value !== null &&
131
171
  "username" in value &&
@@ -133,4 +173,50 @@ function secretHasExpectedFormat(value) {
133
173
  "password" in value &&
134
174
  typeof value.password === "string");
135
175
  }
136
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0by11c2VyLXBvb2wtb3ItYmFzaWMtYXV0aC1hdXRob3JpemVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FwaS1nYXRld2F5L2F1dGhvcml6ZXItbGFtYmRhcy9jb2duaXRvLXVzZXItcG9vbC1vci1iYXNpYy1hdXRoLWF1dGhvcml6ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7Ozs7O0dBV0c7QUFNSCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0saUNBQWlDLENBQUE7QUFDaEUsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sZ0JBQWdCLENBQUE7QUEwQm5ELE1BQU0sQ0FBQyxNQUFNLE9BQU8sR0FBRyxLQUFLLEVBQzFCLEtBQXlDLEVBQ2QsRUFBRTtJQUM3QixNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsT0FBTyxFQUFFLGFBQWEsQ0FBQTtJQUMvQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7UUFDaEIsT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsQ0FBQTtJQUNoQyxDQUFDO0lBRUQsTUFBTSx1QkFBdUIsR0FBRyxNQUFNLDBCQUEwQixFQUFFLENBQUE7SUFFbEUsSUFBSSxVQUFVLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDckMsTUFBTSxNQUFNLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUEsQ0FBQyxrQ0FBa0M7UUFDbEcsUUFBUSxNQUFNLEVBQUUsQ0FBQztZQUNmLEtBQUssU0FBUztnQkFDWixPQUFPLEVBQUUsWUFBWSxFQUFFLEtBQUssRUFBRSxDQUFBO1lBQ2hDLEtBQUssU0FBUztnQkFDWix3RkFBd0Y7Z0JBQ3hGLHFGQUFxRjtnQkFDckYseUZBQXlGO2dCQUN6RixxRUFBcUU7Z0JBQ3JFLE1BQU0sSUFBSSxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUE7WUFDakM7Z0JBQ0UsT0FBTztvQkFDTCxZQUFZLEVBQUUsSUFBSTtvQkFDbEIsT0FBTyxFQUFFO3dCQUNQLFFBQVEsRUFBRSxNQUFNLENBQUMsU0FBUzt3QkFDMUIsMkJBQTJCLEVBQUUsdUJBQXVCO3FCQUNyRDtpQkFDRixDQUFBO1FBQ0wsQ0FBQztJQUNILENBQUM7U0FBTSxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztRQUMzQyxPQUFPLEVBQUUsWUFBWSxFQUFFLFVBQVUsS0FBSyx1QkFBdUIsRUFBRSxDQUFBO0lBQ2pFLENBQUM7U0FBTSxDQUFDO1FBQ04sT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsQ0FBQTtJQUNoQyxDQUFDO0FBQ0gsQ0FBQyxDQUFBO0FBRUQsNERBQTREO0FBQzVELEtBQUssVUFBVSxpQkFBaUIsQ0FDOUIsS0FBYTtJQUViLElBQUksQ0FBQztRQUNILE1BQU0sYUFBYSxHQUFHLGdCQUFnQixFQUFFLENBQUE7UUFDeEMsNkZBQTZGO1FBQzdGLGdCQUFnQjtRQUNoQixPQUFPLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUMxQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLDREQUE0RDtRQUM1RCwwR0FBMEc7UUFDMUcsOEZBQThGO1FBQzlGLGNBQWM7UUFDZCxJQUFJLENBQUMsWUFBWSxLQUFLLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsZUFBZSxDQUFDLEVBQUUsQ0FBQztZQUMvRCxPQUFPLFNBQVMsQ0FBQTtRQUNsQixDQUFDO2FBQU0sQ0FBQztZQUNOLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQztBQU1EOzs7R0FHRztBQUNILElBQUksbUJBQW1CLEdBQThCLFNBQVMsQ0FBQTtBQUU5RCxTQUFTLGdCQUFnQjtJQUN2QixJQUFJLG1CQUFtQixLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3RDLG1CQUFtQixHQUFHLFlBQVksQ0FBQyxtQkFBbUIsRUFBRSxDQUFBO0lBQzFELENBQUM7SUFDRCxPQUFPLG1CQUFtQixDQUFBO0FBQzVCLENBQUM7QUFFRCxtREFBbUQ7QUFDbkQsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHO0lBQzFCLG1CQUFtQixFQUFFLEdBQWtCLEVBQUU7UUFDdkMsTUFBTSxVQUFVLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQTtRQUM5QyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsT0FBTyxDQUFDLEtBQUssQ0FBQywwQ0FBMEMsQ0FBQyxDQUFBO1lBQ3pELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtRQUNuQixDQUFDO1FBRUQsT0FBTyxrQkFBa0IsQ0FBQyxNQUFNLENBQUM7WUFDL0IsVUFBVTtZQUNWLFFBQVEsRUFBRSxRQUFRO1lBQ2xCLFFBQVEsRUFBRSxJQUFJO1lBQ2QsS0FBSyxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxJQUFJLFNBQVMsRUFBRSx5Q0FBeUM7U0FDMUYsQ0FBQyxDQUFBO0lBQ0osQ0FBQztJQUNELG9CQUFvQixFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksY0FBYyxFQUFFO0NBQ2pELENBQUE7QUFFRCxxRkFBcUY7QUFDckYsSUFBSSxxQkFBcUIsR0FBdUIsU0FBUyxDQUFBO0FBRXpELEtBQUssVUFBVSwwQkFBMEI7SUFDdkMsSUFBSSxxQkFBcUIsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUN4QyxNQUFNLFVBQVUsR0FDZCxPQUFPLENBQUMsR0FBRyxDQUFDLG9DQUFvQyxDQUFDLENBQUE7UUFDbkQsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7UUFFRCxxQkFBcUIsR0FBRyxNQUFNLDBCQUEwQixDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBQ3RFLENBQUM7SUFFRCxPQUFPLHFCQUFxQixDQUFBO0FBQzlCLENBQUM7QUFFRCxLQUFLLFVBQVUsMEJBQTBCLENBQUMsVUFBa0I7SUFDMUQsTUFBTSxXQUFXLEdBQUcsTUFBTSxjQUFjLENBQUMsVUFBVSxDQUFDLENBQUE7SUFDcEQsSUFBSSxDQUFDLHVCQUF1QixDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7UUFDMUMsT0FBTyxDQUFDLEtBQUssQ0FDWCwrRUFBK0UsVUFBVSxJQUFJLENBQzlGLENBQUE7UUFDRCxNQUFNLElBQUksS0FBSyxFQUFFLENBQUE7SUFDbkIsQ0FBQztJQUVELE9BQU8sQ0FDTCxRQUFRO1FBQ1IsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLFdBQVcsQ0FBQyxRQUFRLElBQUksV0FBVyxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUMsUUFBUSxDQUNyRSxRQUFRLENBQ1QsQ0FDRixDQUFBO0FBQ0gsQ0FBQztBQUVELEtBQUssVUFBVSxjQUFjLENBQUMsVUFBa0I7SUFDOUMsTUFBTSxNQUFNLEdBQUcsWUFBWSxDQUFDLG9CQUFvQixFQUFFLENBQUE7SUFDbEQsTUFBTSxNQUFNLEdBQUcsTUFBTSxNQUFNLENBQUMsY0FBYyxDQUFDLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxDQUFDLENBQUE7SUFFcEUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUN6QixPQUFPLENBQUMsS0FBSyxDQUFDLCtCQUErQixVQUFVLEdBQUcsQ0FBQyxDQUFBO1FBQzNELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtJQUNuQixDQUFDO0lBRUQsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQTtBQUN4QyxDQUFDO0FBRUQsU0FBUyx1QkFBdUIsQ0FDOUIsS0FBYztJQUVkLE9BQU8sQ0FDTCxPQUFPLEtBQUssS0FBSyxRQUFRO1FBQ3pCLEtBQUssS0FBSyxJQUFJO1FBQ2QsVUFBVSxJQUFJLEtBQUs7UUFDbkIsT0FBTyxLQUFLLENBQUMsUUFBUSxLQUFLLFFBQVE7UUFDbEMsVUFBVSxJQUFJLEtBQUs7UUFDbkIsT0FBTyxLQUFLLENBQUMsUUFBUSxLQUFLLFFBQVEsQ0FDbkMsQ0FBQTtBQUNILENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIFRoaXMgbGFtYmRhIHZlcmlmaWVzIGNyZWRlbnRpYWxzOlxuICogLSBBZ2FpbnN0IENvZ25pdG8gdXNlciBwb29sIGlmIHJlcXVlc3QgdXNlcyBCZWFyZXIgdG9rZW5cbiAqIC0gQWdhaW5zdCBjcmVkZW50aWFscyBzYXZlZCBpbiBTZWNyZXQgTWFuYWdlciBpZiByZXF1ZXN0IHVzZXMgYmFzaWMgYXV0aCAoYW5kIGlmIHNlY3JldCBleGlzdHMpXG4gKlxuICogRXhwZWN0cyB0aGUgZm9sbG93aW5nIGVudmlyb25tZW50IHZhcmlhYmxlc1xuICogLSBVU0VSX1BPT0xfSURcbiAqIC0gQkFTSUNfQVVUSF9DUkVERU5USUFMU19TRUNSRVRfTkFNRSAob3B0aW9uYWwpXG4gKiAgIC0gU2VjcmV0IHZhbHVlIHNob3VsZCBmb2xsb3cgdGhpcyBmb3JtYXQ6IGB7XCJ1c2VybmFtZVwiOlwiPHVzZXJuYW1lPlwiLFwicGFzc3dvcmRcIjpcIjxwYXNzd29yZD5cIn1gXG4gKiAtIFJFUVVJUkVEX1NDT1BFIChvcHRpb25hbClcbiAqICAgLSBTZXQgdGhpcyB0byByZXF1aXJlIHRoYXQgdGhlIGJlYXJlciB0b2tlbiBwYXlsb2FkIGNvbnRhaW5zIHRoZSBnaXZlbiBzY29wZVxuICovXG5cbmltcG9ydCB0eXBlIHtcbiAgQVBJR2F0ZXdheVJlcXVlc3RBdXRob3JpemVyRXZlbnRWMixcbiAgQVBJR2F0ZXdheVNpbXBsZUF1dGhvcml6ZXJSZXN1bHQsXG59IGZyb20gXCJhd3MtbGFtYmRhXCJcbmltcG9ydCB7IFNlY3JldHNNYW5hZ2VyIH0gZnJvbSBcIkBhd3Mtc2RrL2NsaWVudC1zZWNyZXRzLW1hbmFnZXJcIlxuaW1wb3J0IHsgQ29nbml0b0p3dFZlcmlmaWVyIH0gZnJvbSBcImF3cy1qd3QtdmVyaWZ5XCJcbmltcG9ydCB0eXBlIHsgQ29nbml0b0FjY2Vzc1Rva2VuUGF5bG9hZCB9IGZyb20gXCJhd3Mtand0LXZlcmlmeS9qd3QtbW9kZWxcIlxuXG50eXBlIEF1dGhvcml6ZXJSZXN1bHQgPSBBUElHYXRld2F5U2ltcGxlQXV0aG9yaXplclJlc3VsdCAmIHtcbiAgLyoqXG4gICAqIFJldHVybmluZyBhIGNvbnRleHQgb2JqZWN0IGZyb20gb3VyIGF1dGhvcml6ZXIgYWxsb3dzIG91ciBBUEkgR2F0ZXdheSB0byBhY2Nlc3MgdGhlc2UgdmFyaWFibGVzXG4gICAqIHZpYSBgJHtjb250ZXh0LmF1dGhvcml6ZXIuPHByb3BlcnR5Pn1gLlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vYXBpZ2F0ZXdheS9sYXRlc3QvZGV2ZWxvcGVyZ3VpZGUvaHR0cC1hcGktbG9nZ2luZy12YXJpYWJsZXMuaHRtbFxuICAgKi9cbiAgY29udGV4dD86IHtcbiAgICAvKipcbiAgICAgKiBJZiB0aGUgdG9rZW4gaXMgdmVyaWZpZWQsIHdlIHJldHVybiB0aGUgYXV0aCBjbGllbnQgSUQgZnJvbSB0aGUgdG9rZW4ncyBjbGFpbXMgYXMgYSBjb250ZXh0XG4gICAgICogdmFyaWFibGUgKG5hbWVkIGBhdXRob3JpemVyLmNsaWVudElkYCkuIFlvdSBjYW4gdGhlbiB1c2UgdGhpcyBmb3IgcGFyYW1ldGVyIG1hcHBpbmcgb24gdGhlXG4gICAgICogQVBJIEdhdGV3YXkgKHNlZSBgQWxiSW50ZWdyYXRpb25Qcm9wcy5tYXBQYXJhbWV0ZXJzYCBvbiB0aGUgYEFwaUdhdGV3YXlgIGNvbnN0cnVjdCksIGlmIGZvclxuICAgICAqIGV4YW1wbGUgeW91IHdhbnQgdG8gZm9yd2FyZCB0aGlzIHRvIHRoZSBiYWNrZW5kIGludGVncmF0aW9uLlxuICAgICAqL1xuICAgIGNsaWVudElkOiBzdHJpbmdcbiAgICAvKipcbiAgICAgKiBTZWUgYENvZ25pdG9Vc2VyUG9vbEF1dGhvcml6ZXJQcm9wcy5iYXNpY0F1dGhGb3JJbnRlcm5hbEF1dGhvcml6YXRpb25gIGluIHRoZSBgQXBpR2F0ZXdheWBcbiAgICAgKiBjb25zdHJ1Y3QgKHdlIHByb3ZpZGUgdGhlIHNhbWUgY29udGV4dCB2YXJpYWJsZSBoZXJlIGFzIGluIHRoZSBDb2duaXRvIFVzZXIgUG9vbCBhdXRob3JpemVyLFxuICAgICAqIHVzaW5nIHRoZSBjcmVkZW50aWFscyBmcm9tIEJBU0lDX0FVVEhfQ1JFREVOVElBTFNfU0VDUkVUX05BTUUpLlxuICAgICAqL1xuICAgIGludGVybmFsQXV0aG9yaXphdGlvbkhlYWRlcj86IHN0cmluZ1xuICB9XG59XG5cbmV4cG9ydCBjb25zdCBoYW5kbGVyID0gYXN5bmMgKFxuICBldmVudDogQVBJR2F0ZXdheVJlcXVlc3RBdXRob3JpemVyRXZlbnRWMixcbik6IFByb21pc2U8QXV0aG9yaXplclJlc3VsdD4gPT4ge1xuICBjb25zdCBhdXRoSGVhZGVyID0gZXZlbnQuaGVhZGVycz8uYXV0aG9yaXphdGlvblxuICBpZiAoIWF1dGhIZWFkZXIpIHtcbiAgICByZXR1cm4geyBpc0F1dGhvcml6ZWQ6IGZhbHNlIH1cbiAgfVxuXG4gIGNvbnN0IGV4cGVjdGVkQmFzaWNBdXRoSGVhZGVyID0gYXdhaXQgZ2V0RXhwZWN0ZWRCYXNpY0F1dGhIZWFkZXIoKVxuXG4gIGlmIChhdXRoSGVhZGVyLnN0YXJ0c1dpdGgoXCJCZWFyZXIgXCIpKSB7XG4gICAgY29uc3QgcmVzdWx0ID0gYXdhaXQgdmVyaWZ5QWNjZXNzVG9rZW4oYXV0aEhlYWRlci5zdWJzdHJpbmcoNykpIC8vIHN1YnN0cmluZyg3KSA9PSBhZnRlciAnQmVhcmVyICdcbiAgICBzd2l0Y2ggKHJlc3VsdCkge1xuICAgICAgY2FzZSBcIklOVkFMSURcIjpcbiAgICAgICAgcmV0dXJuIHsgaXNBdXRob3JpemVkOiBmYWxzZSB9XG4gICAgICBjYXNlIFwiRVhQSVJFRFwiOlxuICAgICAgICAvLyBXZSB3YW50IHRvIHJldHVybiA0MDEgVW5hdXRob3JpemVkIGZvciBleHBpcmVkIHRva2Vucywgc28gdGhlIGNsaWVudCBrbm93cyB0byByZWZyZXNoXG4gICAgICAgIC8vIHRoZWlyIHRva2VuIHdoZW4gcmVjZWl2aW5nIHRoaXMgc3RhdHVzIGNvZGUuIEFQSSBHYXRld2F5IGF1dGhvcml6ZXIgbGFtYmRhcyByZXR1cm5cbiAgICAgICAgLy8gNDAzIEZvcmJpZGRlbiBmb3Ige2lzQXV0aG9yaXplZDogZmFsc2V9LCBidXQgdGhlcmUgaXMgYSB3YXkgdG8gcmV0dXJuIDQwMTogdGhyb3dpbmcgYW5cbiAgICAgICAgLy8gZXJyb3Igd2l0aCB0aGlzIGV4YWN0IHN0cmluZy4gaHR0cHM6Ly9zdGFja292ZXJmbG93LmNvbS9hLzcxOTY1ODkwXG4gICAgICAgIHRocm93IG5ldyBFcnJvcihcIlVuYXV0aG9yaXplZFwiKVxuICAgICAgZGVmYXVsdDpcbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICBpc0F1dGhvcml6ZWQ6IHRydWUsXG4gICAgICAgICAgY29udGV4dDoge1xuICAgICAgICAgICAgY2xpZW50SWQ6IHJlc3VsdC5jbGllbnRfaWQsXG4gICAgICAgICAgICBpbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXI6IGV4cGVjdGVkQmFzaWNBdXRoSGVhZGVyLFxuICAgICAgICAgIH0sXG4gICAgICAgIH1cbiAgICB9XG4gIH0gZWxzZSBpZiAoYXV0aEhlYWRlci5zdGFydHNXaXRoKFwiQmFzaWMgXCIpKSB7XG4gICAgcmV0dXJuIHsgaXNBdXRob3JpemVkOiBhdXRoSGVhZGVyID09PSBleHBlY3RlZEJhc2ljQXV0aEhlYWRlciB9XG4gIH0gZWxzZSB7XG4gICAgcmV0dXJuIHsgaXNBdXRob3JpemVkOiBmYWxzZSB9XG4gIH1cbn1cblxuLyoqIERlY29kZXMgYW5kIHZlcmlmaWVzIHRoZSBnaXZlbiB0b2tlbiBhZ2FpbnN0IENvZ25pdG8uICovXG5hc3luYyBmdW5jdGlvbiB2ZXJpZnlBY2Nlc3NUb2tlbihcbiAgdG9rZW46IHN0cmluZyxcbik6IFByb21pc2U8Q29nbml0b0FjY2Vzc1Rva2VuUGF5bG9hZCB8IFwiRVhQSVJFRFwiIHwgXCJJTlZBTElEXCI+IHtcbiAgdHJ5IHtcbiAgICBjb25zdCB0b2tlblZlcmlmaWVyID0gZ2V0VG9rZW5WZXJpZmllcigpXG4gICAgLy8gTXVzdCBhd2FpdCBoZXJlIGluc3RlYWQgb2YgcmV0dXJuaW5nIHRoZSBwcm9taXNlIGRpcmVjdGx5LCBzbyB0aGF0IGVycm9ycyBjYW4gYmUgY2F1Z2h0IGluXG4gICAgLy8gdGhpcyBmdW5jdGlvblxuICAgIHJldHVybiBhd2FpdCB0b2tlblZlcmlmaWVyLnZlcmlmeSh0b2tlbilcbiAgfSBjYXRjaCAoZSkge1xuICAgIC8vIElmIHRoZSBKV1QgaGFzIGV4cGlyZWQsIGF3cy1qd3QtdmVyaWZ5IHRocm93cyB0aGlzIGVycm9yOlxuICAgIC8vIGh0dHBzOi8vZ2l0aHViLmNvbS9hd3NsYWJzL2F3cy1qd3QtdmVyaWZ5L2Jsb2IvOGQ4ZjcxNGQ3MjgxOTEzZWNkNjYwMTQ3ZjVjMzAzMTE0Nzk2MDFjMS9zcmMvand0LnRzI0wxOTdcbiAgICAvLyBXZSBjYW4ndCBjaGVjayBpbnN0YW5jZW9mIG9uIHRoYXQgZXJyb3IgY2xhc3MsIHNpbmNlIGl0J3Mgbm90IGV4cG9ydGVkLCBzbyB0aGlzIGlzIHRoZSBuZXh0XG4gICAgLy8gYmVzdCB0aGluZy5cbiAgICBpZiAoZSBpbnN0YW5jZW9mIEVycm9yICYmIGUubWVzc2FnZT8uaW5jbHVkZXMoXCJUb2tlbiBleHBpcmVkXCIpKSB7XG4gICAgICByZXR1cm4gXCJFWFBJUkVEXCJcbiAgICB9IGVsc2Uge1xuICAgICAgcmV0dXJuIFwiSU5WQUxJRFwiXG4gICAgfVxuICB9XG59XG5cbmV4cG9ydCB0eXBlIFRva2VuVmVyaWZpZXIgPSB7XG4gIHZlcmlmeTogKGFjY2Vzc1Rva2VuOiBzdHJpbmcpID0+IFByb21pc2U8Q29nbml0b0FjY2Vzc1Rva2VuUGF5bG9hZD5cbn1cblxuLyoqXG4gKiBXZSBjYWNoZSB0aGUgdmVyaWZpZXIgaW4gdGhpcyBnbG9iYWwgdmFyaWFibGUsIHNvIHRoYXQgc3Vic2VxdWVudCBpbnZvY2F0aW9ucyBvZiBhIGhvdCBsYW1iZGFcbiAqIHdpbGwgcmUtdXNlIHRoaXMuXG4gKi9cbmxldCBjYWNoZWRUb2tlblZlcmlmaWVyOiBUb2tlblZlcmlmaWVyIHwgdW5kZWZpbmVkID0gdW5kZWZpbmVkXG5cbmZ1bmN0aW9uIGdldFRva2VuVmVyaWZpZXIoKTogVG9rZW5WZXJpZmllciB7XG4gIGlmIChjYWNoZWRUb2tlblZlcmlmaWVyID09PSB1bmRlZmluZWQpIHtcbiAgICBjYWNoZWRUb2tlblZlcmlmaWVyID0gZGVwZW5kZW5jaWVzLmNyZWF0ZVRva2VuVmVyaWZpZXIoKVxuICB9XG4gIHJldHVybiBjYWNoZWRUb2tlblZlcmlmaWVyXG59XG5cbi8qKiBGb3Igb3ZlcnJpZGluZyBkZXBlbmRlbmN5IGNyZWF0aW9uIGluIHRlc3RzLiAqL1xuZXhwb3J0IGNvbnN0IGRlcGVuZGVuY2llcyA9IHtcbiAgY3JlYXRlVG9rZW5WZXJpZmllcjogKCk6IFRva2VuVmVyaWZpZXIgPT4ge1xuICAgIGNvbnN0IHVzZXJQb29sSWQgPSBwcm9jZXNzLmVudltcIlVTRVJfUE9PTF9JRFwiXVxuICAgIGlmICghdXNlclBvb2xJZCkge1xuICAgICAgY29uc29sZS5lcnJvcihcIlVTRVJfUE9PTF9JRCBlbnYgdmFyaWFibGUgaXMgbm90IGRlZmluZWRcIilcbiAgICAgIHRocm93IG5ldyBFcnJvcigpXG4gICAgfVxuXG4gICAgcmV0dXJuIENvZ25pdG9Kd3RWZXJpZmllci5jcmVhdGUoe1xuICAgICAgdXNlclBvb2xJZCxcbiAgICAgIHRva2VuVXNlOiBcImFjY2Vzc1wiLFxuICAgICAgY2xpZW50SWQ6IG51bGwsXG4gICAgICBzY29wZTogcHJvY2Vzcy5lbnYuUkVRVUlSRURfU0NPUEUgfHwgdW5kZWZpbmVkLCAvLyBgfHwgdW5kZWZpbmVkYCB0byBkaXNjYXJkIGVtcHR5IHN0cmluZ1xuICAgIH0pXG4gIH0sXG4gIGNyZWF0ZVNlY3JldHNNYW5hZ2VyOiAoKSA9PiBuZXcgU2VjcmV0c01hbmFnZXIoKSxcbn1cblxuLyoqIENhY2hlIHRoaXMgdmFsdWUsIHNvIHRoYXQgc3Vic2VxdWVudCBsYW1iZGEgaW52b2NhdGlvbnMgZG9uJ3QgaGF2ZSB0byByZWZldGNoLiAqL1xubGV0IGNhY2hlZEJhc2ljQXV0aEhlYWRlcjogc3RyaW5nIHwgdW5kZWZpbmVkID0gdW5kZWZpbmVkXG5cbmFzeW5jIGZ1bmN0aW9uIGdldEV4cGVjdGVkQmFzaWNBdXRoSGVhZGVyKCk6IFByb21pc2U8c3RyaW5nIHwgdW5kZWZpbmVkPiB7XG4gIGlmIChjYWNoZWRCYXNpY0F1dGhIZWFkZXIgPT09IHVuZGVmaW5lZCkge1xuICAgIGNvbnN0IHNlY3JldE5hbWU6IHN0cmluZyB8IHVuZGVmaW5lZCA9XG4gICAgICBwcm9jZXNzLmVudltcIkJBU0lDX0FVVEhfQ1JFREVOVElBTFNfU0VDUkVUX05BTUVcIl1cbiAgICBpZiAoIXNlY3JldE5hbWUpIHtcbiAgICAgIHJldHVybiB1bmRlZmluZWRcbiAgICB9XG5cbiAgICBjYWNoZWRCYXNpY0F1dGhIZWFkZXIgPSBhd2FpdCBnZXRTZWNyZXRBc0Jhc2ljQXV0aEhlYWRlcihzZWNyZXROYW1lKVxuICB9XG5cbiAgcmV0dXJuIGNhY2hlZEJhc2ljQXV0aEhlYWRlclxufVxuXG5hc3luYyBmdW5jdGlvbiBnZXRTZWNyZXRBc0Jhc2ljQXV0aEhlYWRlcihzZWNyZXROYW1lOiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xuICBjb25zdCBjcmVkZW50aWFscyA9IGF3YWl0IGdldFNlY3JldFZhbHVlKHNlY3JldE5hbWUpXG4gIGlmICghc2VjcmV0SGFzRXhwZWN0ZWRGb3JtYXQoY3JlZGVudGlhbHMpKSB7XG4gICAgY29uc29sZS5lcnJvcihcbiAgICAgIGBCYXNpYyBhdXRoIGNyZWRlbnRpYWxzIHNlY3JldCBkaWQgbm90IGZvbGxvdyBleHBlY3RlZCBmb3JtYXQgKHNlY3JldCBuYW1lOiAnJHtzZWNyZXROYW1lfScpYCxcbiAgICApXG4gICAgdGhyb3cgbmV3IEVycm9yKClcbiAgfVxuXG4gIHJldHVybiAoXG4gICAgXCJCYXNpYyBcIiArXG4gICAgQnVmZmVyLmZyb20oYCR7Y3JlZGVudGlhbHMudXNlcm5hbWV9OiR7Y3JlZGVudGlhbHMucGFzc3dvcmR9YCkudG9TdHJpbmcoXG4gICAgICBcImJhc2U2NFwiLFxuICAgIClcbiAgKVxufVxuXG5hc3luYyBmdW5jdGlvbiBnZXRTZWNyZXRWYWx1ZShzZWNyZXROYW1lOiBzdHJpbmcpOiBQcm9taXNlPHVua25vd24+IHtcbiAgY29uc3QgY2xpZW50ID0gZGVwZW5kZW5jaWVzLmNyZWF0ZVNlY3JldHNNYW5hZ2VyKClcbiAgY29uc3Qgc2VjcmV0ID0gYXdhaXQgY2xpZW50LmdldFNlY3JldFZhbHVlKHsgU2VjcmV0SWQ6IHNlY3JldE5hbWUgfSlcblxuICBpZiAoIXNlY3JldC5TZWNyZXRTdHJpbmcpIHtcbiAgICBjb25zb2xlLmVycm9yKGBTZWNyZXQgdmFsdWUgbm90IGZvdW5kIGZvciAnJHtzZWNyZXROYW1lfSdgKVxuICAgIHRocm93IG5ldyBFcnJvcigpXG4gIH1cblxuICByZXR1cm4gSlNPTi5wYXJzZShzZWNyZXQuU2VjcmV0U3RyaW5nKVxufVxuXG5mdW5jdGlvbiBzZWNyZXRIYXNFeHBlY3RlZEZvcm1hdChcbiAgdmFsdWU6IHVua25vd24sXG4pOiB2YWx1ZSBpcyB7IHVzZXJuYW1lOiBzdHJpbmc7IHBhc3N3b3JkOiBzdHJpbmcgfSB7XG4gIHJldHVybiAoXG4gICAgdHlwZW9mIHZhbHVlID09PSBcIm9iamVjdFwiICYmXG4gICAgdmFsdWUgIT09IG51bGwgJiZcbiAgICBcInVzZXJuYW1lXCIgaW4gdmFsdWUgJiZcbiAgICB0eXBlb2YgdmFsdWUudXNlcm5hbWUgPT09IFwic3RyaW5nXCIgJiZcbiAgICBcInBhc3N3b3JkXCIgaW4gdmFsdWUgJiZcbiAgICB0eXBlb2YgdmFsdWUucGFzc3dvcmQgPT09IFwic3RyaW5nXCJcbiAgKVxufVxuIl19
176
+ function hasCredentialsKeyWithStringValue(value) {
177
+ return (typeof value === "object" &&
178
+ value !== null &&
179
+ "credentials" in value &&
180
+ typeof value.credentials === "string");
181
+ }
182
+ function isStringArray(value) {
183
+ if (!Array.isArray(value)) {
184
+ return false;
185
+ }
186
+ for (const element of value) {
187
+ if (typeof element !== "string") {
188
+ return false;
189
+ }
190
+ }
191
+ return true;
192
+ }
193
+ /**
194
+ * We want to return the requesting username as a context variable in
195
+ * {@link AuthorizerResult.context}, for API Gateway access logs and parameter mapping. So if the
196
+ * basic auth credentials secret is stored as pre-encoded base64 strings, we need to parse them to
197
+ * get the username.
198
+ */
199
+ function parseEncodedBasicAuthCredentials(encodedCredentials) {
200
+ let decodedCredentials;
201
+ try {
202
+ decodedCredentials = Buffer.from(encodedCredentials, "base64").toString();
203
+ }
204
+ catch (e) {
205
+ console.error("Basic auth credentials secret could not be decoded as base64:", e);
206
+ throw new Error();
207
+ }
208
+ const usernameAndPassword = decodedCredentials.split(":", 2);
209
+ if (usernameAndPassword.length !== 2) {
210
+ console.error("Basic auth credentials secret could not be decoded as 'username:password'");
211
+ throw new Error();
212
+ }
213
+ return {
214
+ basicAuthHeader: `Basic ${encodedCredentials}`,
215
+ username: usernameAndPassword[0],
216
+ };
217
+ }
218
+ export function clearCache() {
219
+ cachedTokenVerifier = undefined;
220
+ cachedBasicAuthCredentials = undefined;
221
+ }
222
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0by11c2VyLXBvb2wtb3ItYmFzaWMtYXV0aC1hdXRob3JpemVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FwaS1nYXRld2F5L2F1dGhvcml6ZXItbGFtYmRhcy9jb2duaXRvLXVzZXItcG9vbC1vci1iYXNpYy1hdXRoLWF1dGhvcml6ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7Ozs7Ozs7R0FhRztBQU1ILE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQTtBQUNoRSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQTtBQW1DbkQsTUFBTSxDQUFDLE1BQU0sT0FBTyxHQUFHLEtBQUssRUFDMUIsS0FBeUMsRUFDZCxFQUFFO0lBQzdCLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxPQUFPLEVBQUUsYUFBYSxDQUFBO0lBQy9DLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUNoQixPQUFPLEVBQUUsWUFBWSxFQUFFLEtBQUssRUFBRSxDQUFBO0lBQ2hDLENBQUM7SUFFRCxNQUFNLDRCQUE0QixHQUFHLE1BQU0sK0JBQStCLEVBQUUsQ0FBQTtJQUU1RSxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztRQUNyQyxNQUFNLE1BQU0sR0FBRyxNQUFNLGlCQUFpQixDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQSxDQUFDLGtDQUFrQztRQUNsRyxRQUFRLE1BQU0sRUFBRSxDQUFDO1lBQ2YsS0FBSyxTQUFTO2dCQUNaLE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLENBQUE7WUFDaEMsS0FBSyxTQUFTO2dCQUNaLHdGQUF3RjtnQkFDeEYscUZBQXFGO2dCQUNyRix5RkFBeUY7Z0JBQ3pGLHFFQUFxRTtnQkFDckUsTUFBTSxJQUFJLEtBQUssQ0FBQyxjQUFjLENBQUMsQ0FBQTtZQUNqQztnQkFDRSxPQUFPO29CQUNMLFlBQVksRUFBRSxJQUFJO29CQUNsQixPQUFPLEVBQUU7d0JBQ1AsUUFBUSxFQUFFLE1BQU0sQ0FBQyxTQUFTO3dCQUMxQiwyQkFBMkIsRUFDekIsNEJBQTRCLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxlQUFlO3FCQUNyRDtpQkFDRixDQUFBO1FBQ0wsQ0FBQztJQUNILENBQUM7U0FBTSxJQUNMLFVBQVUsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDO1FBQy9CLDRCQUE0QixLQUFLLFNBQVMsRUFDMUMsQ0FBQztRQUNELEtBQUssTUFBTSxRQUFRLElBQUksNEJBQTRCLEVBQUUsQ0FBQztZQUNwRCxJQUFJLFVBQVUsS0FBSyxRQUFRLENBQUMsZUFBZSxFQUFFLENBQUM7Z0JBQzVDLE9BQU87b0JBQ0wsWUFBWSxFQUFFLElBQUk7b0JBQ2xCLE9BQU8sRUFBRTt3QkFDUCxRQUFRLEVBQUUsUUFBUSxDQUFDLFFBQVE7d0JBQzNCLDJCQUEyQixFQUFFLFFBQVEsQ0FBQyxlQUFlO3FCQUN0RDtpQkFDRixDQUFBO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFDRCxPQUFPLEVBQUUsWUFBWSxFQUFFLEtBQUssRUFBRSxDQUFBO0lBQ2hDLENBQUM7U0FBTSxDQUFDO1FBQ04sT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsQ0FBQTtJQUNoQyxDQUFDO0FBQ0gsQ0FBQyxDQUFBO0FBRUQsNERBQTREO0FBQzVELEtBQUssVUFBVSxpQkFBaUIsQ0FDOUIsS0FBYTtJQUViLElBQUksQ0FBQztRQUNILE1BQU0sYUFBYSxHQUFHLGdCQUFnQixFQUFFLENBQUE7UUFDeEMsNkZBQTZGO1FBQzdGLGdCQUFnQjtRQUNoQixPQUFPLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUMxQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLDREQUE0RDtRQUM1RCwwR0FBMEc7UUFDMUcsOEZBQThGO1FBQzlGLGNBQWM7UUFDZCxJQUFJLENBQUMsWUFBWSxLQUFLLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsZUFBZSxDQUFDLEVBQUUsQ0FBQztZQUMvRCxPQUFPLFNBQVMsQ0FBQTtRQUNsQixDQUFDO2FBQU0sQ0FBQztZQUNOLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQztBQU1EOzs7R0FHRztBQUNILElBQUksbUJBQW1CLEdBQThCLFNBQVMsQ0FBQTtBQUU5RCxTQUFTLGdCQUFnQjtJQUN2QixJQUFJLG1CQUFtQixLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3RDLG1CQUFtQixHQUFHLFlBQVksQ0FBQyxtQkFBbUIsRUFBRSxDQUFBO0lBQzFELENBQUM7SUFDRCxPQUFPLG1CQUFtQixDQUFBO0FBQzVCLENBQUM7QUFFRCxtREFBbUQ7QUFDbkQsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHO0lBQzFCLG1CQUFtQixFQUFFLEdBQWtCLEVBQUU7UUFDdkMsTUFBTSxVQUFVLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQTtRQUM5QyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsT0FBTyxDQUFDLEtBQUssQ0FBQywwQ0FBMEMsQ0FBQyxDQUFBO1lBQ3pELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtRQUNuQixDQUFDO1FBRUQsT0FBTyxrQkFBa0IsQ0FBQyxNQUFNLENBQUM7WUFDL0IsVUFBVTtZQUNWLFFBQVEsRUFBRSxRQUFRO1lBQ2xCLFFBQVEsRUFBRSxJQUFJO1lBQ2QsS0FBSyxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxJQUFJLFNBQVMsRUFBRSx5Q0FBeUM7U0FDMUYsQ0FBQyxDQUFBO0lBQ0osQ0FBQztJQUNELG9CQUFvQixFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksY0FBYyxFQUFFO0NBQ2pELENBQUE7QUFPRCxxRkFBcUY7QUFDckYsSUFBSSwwQkFBMEIsR0FDNUIsU0FBUyxDQUFBO0FBRVg7OztHQUdHO0FBQ0gsS0FBSyxVQUFVLCtCQUErQjtJQUc1QyxJQUFJLDBCQUEwQixLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQzdDLE1BQU0sVUFBVSxHQUNkLE9BQU8sQ0FBQyxHQUFHLENBQUMsb0NBQW9DLENBQUMsQ0FBQTtRQUNuRCxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsT0FBTyxTQUFTLENBQUE7UUFDbEIsQ0FBQztRQUVELDBCQUEwQixHQUFHLE1BQU0sNkJBQTZCLENBQUMsVUFBVSxDQUFDLENBQUE7SUFDOUUsQ0FBQztJQUVELE9BQU8sMEJBQTBCLENBQUE7QUFDbkMsQ0FBQztBQUVELEtBQUssVUFBVSw2QkFBNkIsQ0FDMUMsVUFBa0I7SUFFbEIsTUFBTSxNQUFNLEdBQUcsTUFBTSxjQUFjLENBQUMsVUFBVSxDQUFDLENBQUE7SUFFL0MsSUFBSSwyQkFBMkIsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO1FBQ3hDLE1BQU0sTUFBTSxHQUNWLFFBQVE7WUFDUixNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsTUFBTSxDQUFDLFFBQVEsSUFBSSxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUE7UUFDekUsT0FBTyxDQUFDLEVBQUUsZUFBZSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUE7SUFDakUsQ0FBQztJQUVELGlHQUFpRztJQUNqRyxnQkFBZ0I7SUFDaEIsSUFBSSxnQ0FBZ0MsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO1FBQzdDLElBQUksZ0JBQXlCLENBQUE7UUFDN0IsSUFBSSxDQUFDO1lBQ0gsZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLENBQUE7UUFDbkQsQ0FBQztRQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDWCxPQUFPLENBQUMsS0FBSyxDQUNYLGdEQUFnRCxVQUFVLFdBQVcsRUFDckUsQ0FBQyxDQUNGLENBQUE7WUFDRCxNQUFNLElBQUksS0FBSyxFQUFFLENBQUE7UUFDbkIsQ0FBQztRQUVELElBQUksYUFBYSxDQUFDLGdCQUFnQixDQUFDLEVBQUUsQ0FBQztZQUNwQyxPQUFPLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFBO1FBQy9ELENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxDQUFDLEtBQUssQ0FDWCxtRkFBbUYsVUFBVSxJQUFJLENBQ2xHLENBQUE7SUFDRCxNQUFNLElBQUksS0FBSyxFQUFFLENBQUE7QUFDbkIsQ0FBQztBQUVELEtBQUssVUFBVSxjQUFjLENBQUMsVUFBa0I7SUFDOUMsTUFBTSxNQUFNLEdBQUcsWUFBWSxDQUFDLG9CQUFvQixFQUFFLENBQUE7SUFDbEQsTUFBTSxNQUFNLEdBQUcsTUFBTSxNQUFNLENBQUMsY0FBYyxDQUFDLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxDQUFDLENBQUE7SUFFcEUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUN6QixPQUFPLENBQUMsS0FBSyxDQUFDLCtCQUErQixVQUFVLEdBQUcsQ0FBQyxDQUFBO1FBQzNELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtJQUNuQixDQUFDO0lBRUQsSUFBSSxDQUFDO1FBQ0gsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQTtJQUN4QyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE9BQU8sQ0FBQyxLQUFLLENBQUMsMkJBQTJCLFVBQVUsWUFBWSxFQUFFLENBQUMsQ0FBQyxDQUFBO1FBQ25FLE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtJQUNuQixDQUFDO0FBQ0gsQ0FBQztBQUVELFNBQVMsMkJBQTJCLENBQ2xDLEtBQWM7SUFFZCxPQUFPLENBQ0wsT0FBTyxLQUFLLEtBQUssUUFBUTtRQUN6QixLQUFLLEtBQUssSUFBSTtRQUNkLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRO1FBQ2xDLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRLENBQ25DLENBQUE7QUFDSCxDQUFDO0FBRUQsU0FBUyxnQ0FBZ0MsQ0FDdkMsS0FBYztJQUVkLE9BQU8sQ0FDTCxPQUFPLEtBQUssS0FBSyxRQUFRO1FBQ3pCLEtBQUssS0FBSyxJQUFJO1FBQ2QsYUFBYSxJQUFJLEtBQUs7UUFDdEIsT0FBTyxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsQ0FDdEMsQ0FBQTtBQUNILENBQUM7QUFFRCxTQUFTLGFBQWEsQ0FBQyxLQUFjO0lBQ25DLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDMUIsT0FBTyxLQUFLLENBQUE7SUFDZCxDQUFDO0lBRUQsS0FBSyxNQUFNLE9BQU8sSUFBSSxLQUFLLEVBQUUsQ0FBQztRQUM1QixJQUFJLE9BQU8sT0FBTyxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ2hDLE9BQU8sS0FBSyxDQUFBO1FBQ2QsQ0FBQztJQUNILENBQUM7SUFFRCxPQUFPLElBQUksQ0FBQTtBQUNiLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILFNBQVMsZ0NBQWdDLENBQ3ZDLGtCQUEwQjtJQUUxQixJQUFJLGtCQUEwQixDQUFBO0lBQzlCLElBQUksQ0FBQztRQUNILGtCQUFrQixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsUUFBUSxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUE7SUFDM0UsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxPQUFPLENBQUMsS0FBSyxDQUNYLCtEQUErRCxFQUMvRCxDQUFDLENBQ0YsQ0FBQTtRQUNELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtJQUNuQixDQUFDO0lBRUQsTUFBTSxtQkFBbUIsR0FBRyxrQkFBa0IsQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFBO0lBQzVELElBQUksbUJBQW1CLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1FBQ3JDLE9BQU8sQ0FBQyxLQUFLLENBQ1gsMkVBQTJFLENBQzVFLENBQUE7UUFDRCxNQUFNLElBQUksS0FBSyxFQUFFLENBQUE7SUFDbkIsQ0FBQztJQUVELE9BQU87UUFDTCxlQUFlLEVBQUUsU0FBUyxrQkFBa0IsRUFBRTtRQUM5QyxRQUFRLEVBQUUsbUJBQW1CLENBQUMsQ0FBQyxDQUFDO0tBQ2pDLENBQUE7QUFDSCxDQUFDO0FBRUQsTUFBTSxVQUFVLFVBQVU7SUFDeEIsbUJBQW1CLEdBQUcsU0FBUyxDQUFBO0lBQy9CLDBCQUEwQixHQUFHLFNBQVMsQ0FBQTtBQUN4QyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBUaGlzIGxhbWJkYSB2ZXJpZmllcyBjcmVkZW50aWFsczpcbiAqIC0gQWdhaW5zdCBDb2duaXRvIHVzZXIgcG9vbCBpZiByZXF1ZXN0IHVzZXMgYWNjZXNzIHRva2VuIGluIEJlYXJlciBhdXRob3JpemF0aW9uIGhlYWRlclxuICogLSBBZ2FpbnN0IGNyZWRlbnRpYWxzIHNhdmVkIGluIFNlY3JldCBNYW5hZ2VyIGlmIHJlcXVlc3QgdXNlcyBiYXNpYyBhdXRoIChhbmQgaWYgc2VjcmV0IGV4aXN0cylcbiAqXG4gKiBFeHBlY3RzIHRoZSBmb2xsb3dpbmcgZW52aXJvbm1lbnQgdmFyaWFibGVzXG4gKiAtIFVTRVJfUE9PTF9JRFxuICogLSBCQVNJQ19BVVRIX0NSRURFTlRJQUxTX1NFQ1JFVF9OQU1FIChvcHRpb25hbClcbiAqICAgLSBTZWNyZXQgdmFsdWUgc2hvdWxkIGZvbGxvdyB0aGlzIGZvcm1hdDogYHtcInVzZXJuYW1lXCI6XCI8dXNlcm5hbWU+XCIsXCJwYXNzd29yZFwiOlwiPHBhc3N3b3JkPlwifWAuXG4gKiAgICAgQSBkaWZmZXJlbnQgZm9ybWF0IHdpdGggYW4gYXJyYXkgb2YgcHJlLWVuY29kZWQgY3JlZGVudGlhbHMgaXMgYWxzbyBzdXBwb3J0ZWQgLSBzZWUgZG9jcyBmb3JcbiAqICAgICB0aGUgYENvZ25pdG9Vc2VyUG9vbE9yQmFzaWNBdXRoQXV0aG9yaXplclByb3BzYCBvbiB0aGUgYEFwaUdhdGV3YXlgIGNvbnN0cnVjdC5cbiAqIC0gUkVRVUlSRURfU0NPUEUgKG9wdGlvbmFsKVxuICogICAtIFNldCB0aGlzIHRvIHJlcXVpcmUgdGhhdCB0aGUgYWNjZXNzIHRva2VuIHBheWxvYWQgY29udGFpbnMgdGhlIGdpdmVuIHNjb3BlXG4gKi9cblxuaW1wb3J0IHR5cGUge1xuICBBUElHYXRld2F5UmVxdWVzdEF1dGhvcml6ZXJFdmVudFYyLFxuICBBUElHYXRld2F5U2ltcGxlQXV0aG9yaXplclJlc3VsdCxcbn0gZnJvbSBcImF3cy1sYW1iZGFcIlxuaW1wb3J0IHsgU2VjcmV0c01hbmFnZXIgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXNlY3JldHMtbWFuYWdlclwiXG5pbXBvcnQgeyBDb2duaXRvSnd0VmVyaWZpZXIgfSBmcm9tIFwiYXdzLWp3dC12ZXJpZnlcIlxuaW1wb3J0IHR5cGUgeyBDb2duaXRvQWNjZXNzVG9rZW5QYXlsb2FkIH0gZnJvbSBcImF3cy1qd3QtdmVyaWZ5L2p3dC1tb2RlbFwiXG5cbnR5cGUgQXV0aG9yaXplclJlc3VsdCA9IEFQSUdhdGV3YXlTaW1wbGVBdXRob3JpemVyUmVzdWx0ICYge1xuICAvKipcbiAgICogUmV0dXJuaW5nIGEgY29udGV4dCBvYmplY3QgZnJvbSBvdXIgYXV0aG9yaXplciBhbGxvd3Mgb3VyIEFQSSBHYXRld2F5IHRvIGFjY2VzcyB0aGVzZSB2YXJpYWJsZXNcbiAgICogdmlhIGAke2NvbnRleHQuYXV0aG9yaXplci48cHJvcGVydHk+fWAuXG4gICAqIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9hcGlnYXRld2F5L2xhdGVzdC9kZXZlbG9wZXJndWlkZS9odHRwLWFwaS1wYXJhbWV0ZXItbWFwcGluZy5odG1sXG4gICAqL1xuICBjb250ZXh0Pzoge1xuICAgIC8qKlxuICAgICAqIElmIHRoZSByZXF1ZXN0IHVzZWQgYW4gYWNjZXNzIHRva2VuLCBhbmQgdGhlIHRva2VuIHdhcyB2ZXJpZmllZCwgd2UgcmV0dXJuIHRoZSBhdXRoIGNsaWVudCBJRFxuICAgICAqIGZyb20gdGhlIHRva2VuJ3MgY2xhaW1zIGluIHRoaXMgY29udGV4dCB2YXJpYWJsZSAobmFtZWQgYGF1dGhvcml6ZXIuY2xpZW50SWRgKS4gV2UgdXNlIHRoaXNcbiAgICAgKiB0byBpbmNsdWRlIHRoZSByZXF1ZXN0aW5nIGNsaWVudCBpbiB0aGUgQVBJIEdhdGV3YXkgYWNjZXNzIGxvZ3MgKHNlZSBgZGVmYXVsdEFjY2Vzc0xvZ0Zvcm1hdGBcbiAgICAgKiBpbiBvdXIgYEFwaUdhdGV3YXlgIGNvbnN0cnVjdCkuIFlvdSBjYW4gYWxzbyB1c2UgdGhpcyB3aGVuIG1hcHBpbmcgcGFyYW1ldGVycyB0byB0aGUgYmFja2VuZFxuICAgICAqIGludGVncmF0aW9uIChzZWUgYEFsYkludGVncmF0aW9uUHJvcHMubWFwUGFyYW1ldGVyc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QpLlxuICAgICAqL1xuICAgIGNsaWVudElkPzogc3RyaW5nXG4gICAgLyoqXG4gICAgICogSWYgdGhlIHJlcXVlc3QgdXNlZCBCYXNpYyBBdXRoLCBhbmQgdGhlIGNyZWRlbnRpYWxzIHdlcmUgdmVyaWZpZWQsIHdlIHJldHVybiB0aGUgdXNlcm5hbWVcbiAgICAgKiB0aGF0IHdhcyB1c2VkIGluIHRoaXMgY29udGV4dCB2YXJpYWJsZSAobmFtZWQgYGF1dGhvcml6ZXIudXNlcm5hbWVgKS4gV2UgdXNlIHRoaXMgdG8gaW5jbHVkZVxuICAgICAqIHRoZSByZXF1ZXN0aW5nIHVzZXIgaW4gdGhlIEFQSSBHYXRld2F5IGFjY2VzcyBsb2dzIChzZWUgYGRlZmF1bHRBY2Nlc3NMb2dGb3JtYXRgIGluIG91clxuICAgICAqIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QpLiBZb3UgY2FuIGFsc28gdXNlIHRoaXMgd2hlbiBtYXBwaW5nIHBhcmFtZXRlcnMgdG8gdGhlIGJhY2tlbmRcbiAgICAgKiBpbnRlZ3JhdGlvbiAoc2VlIGBBbGJJbnRlZ3JhdGlvblByb3BzLm1hcFBhcmFtZXRlcnNgIG9uIHRoZSBgQXBpR2F0ZXdheWAgY29uc3RydWN0KS5cbiAgICAgKi9cbiAgICB1c2VybmFtZT86IHN0cmluZ1xuICAgIC8qKlxuICAgICAqIFNlZSBgQ29nbml0b1VzZXJQb29sQXV0aG9yaXplclByb3BzLmJhc2ljQXV0aEZvckludGVybmFsQXV0aG9yaXphdGlvbmAgb24gdGhlIGBBcGlHYXRld2F5YFxuICAgICAqIGNvbnN0cnVjdCAod2UgcHJvdmlkZSB0aGUgc2FtZSBjb250ZXh0IHZhcmlhYmxlIGhlcmUgYXMgaW4gdGhlIENvZ25pdG8gVXNlciBQb29sIGF1dGhvcml6ZXIsXG4gICAgICogdXNpbmcgdGhlIGNyZWRlbnRpYWxzIGZyb20gQkFTSUNfQVVUSF9DUkVERU5USUFMU19TRUNSRVRfTkFNRSkuXG4gICAgICovXG4gICAgaW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyPzogc3RyaW5nXG4gIH1cbn1cblxuZXhwb3J0IGNvbnN0IGhhbmRsZXIgPSBhc3luYyAoXG4gIGV2ZW50OiBBUElHYXRld2F5UmVxdWVzdEF1dGhvcml6ZXJFdmVudFYyLFxuKTogUHJvbWlzZTxBdXRob3JpemVyUmVzdWx0PiA9PiB7XG4gIGNvbnN0IGF1dGhIZWFkZXIgPSBldmVudC5oZWFkZXJzPy5hdXRob3JpemF0aW9uXG4gIGlmICghYXV0aEhlYWRlcikge1xuICAgIHJldHVybiB7IGlzQXV0aG9yaXplZDogZmFsc2UgfVxuICB9XG5cbiAgY29uc3QgZXhwZWN0ZWRCYXNpY0F1dGhDcmVkZW50aWFscyA9IGF3YWl0IGdldEV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHMoKVxuXG4gIGlmIChhdXRoSGVhZGVyLnN0YXJ0c1dpdGgoXCJCZWFyZXIgXCIpKSB7XG4gICAgY29uc3QgcmVzdWx0ID0gYXdhaXQgdmVyaWZ5QWNjZXNzVG9rZW4oYXV0aEhlYWRlci5zdWJzdHJpbmcoNykpIC8vIHN1YnN0cmluZyg3KSA9PSBhZnRlciAnQmVhcmVyICdcbiAgICBzd2l0Y2ggKHJlc3VsdCkge1xuICAgICAgY2FzZSBcIklOVkFMSURcIjpcbiAgICAgICAgcmV0dXJuIHsgaXNBdXRob3JpemVkOiBmYWxzZSB9XG4gICAgICBjYXNlIFwiRVhQSVJFRFwiOlxuICAgICAgICAvLyBXZSB3YW50IHRvIHJldHVybiA0MDEgVW5hdXRob3JpemVkIGZvciBleHBpcmVkIHRva2Vucywgc28gdGhlIGNsaWVudCBrbm93cyB0byByZWZyZXNoXG4gICAgICAgIC8vIHRoZWlyIHRva2VuIHdoZW4gcmVjZWl2aW5nIHRoaXMgc3RhdHVzIGNvZGUuIEFQSSBHYXRld2F5IGF1dGhvcml6ZXIgbGFtYmRhcyByZXR1cm5cbiAgICAgICAgLy8gNDAzIEZvcmJpZGRlbiBmb3Ige2lzQXV0aG9yaXplZDogZmFsc2V9LCBidXQgdGhlcmUgaXMgYSB3YXkgdG8gcmV0dXJuIDQwMTogdGhyb3dpbmcgYW5cbiAgICAgICAgLy8gZXJyb3Igd2l0aCB0aGlzIGV4YWN0IHN0cmluZy4gaHR0cHM6Ly9zdGFja292ZXJmbG93LmNvbS9hLzcxOTY1ODkwXG4gICAgICAgIHRocm93IG5ldyBFcnJvcihcIlVuYXV0aG9yaXplZFwiKVxuICAgICAgZGVmYXVsdDpcbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICBpc0F1dGhvcml6ZWQ6IHRydWUsXG4gICAgICAgICAgY29udGV4dDoge1xuICAgICAgICAgICAgY2xpZW50SWQ6IHJlc3VsdC5jbGllbnRfaWQsXG4gICAgICAgICAgICBpbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXI6XG4gICAgICAgICAgICAgIGV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHM/LlswXT8uYmFzaWNBdXRoSGVhZGVyLFxuICAgICAgICAgIH0sXG4gICAgICAgIH1cbiAgICB9XG4gIH0gZWxzZSBpZiAoXG4gICAgYXV0aEhlYWRlci5zdGFydHNXaXRoKFwiQmFzaWMgXCIpICYmXG4gICAgZXhwZWN0ZWRCYXNpY0F1dGhDcmVkZW50aWFscyAhPT0gdW5kZWZpbmVkXG4gICkge1xuICAgIGZvciAoY29uc3QgZXhwZWN0ZWQgb2YgZXhwZWN0ZWRCYXNpY0F1dGhDcmVkZW50aWFscykge1xuICAgICAgaWYgKGF1dGhIZWFkZXIgPT09IGV4cGVjdGVkLmJhc2ljQXV0aEhlYWRlcikge1xuICAgICAgICByZXR1cm4ge1xuICAgICAgICAgIGlzQXV0aG9yaXplZDogdHJ1ZSxcbiAgICAgICAgICBjb250ZXh0OiB7XG4gICAgICAgICAgICB1c2VybmFtZTogZXhwZWN0ZWQudXNlcm5hbWUsXG4gICAgICAgICAgICBpbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXI6IGV4cGVjdGVkLmJhc2ljQXV0aEhlYWRlcixcbiAgICAgICAgICB9LFxuICAgICAgICB9XG4gICAgICB9XG4gICAgfVxuICAgIHJldHVybiB7IGlzQXV0aG9yaXplZDogZmFsc2UgfVxuICB9IGVsc2Uge1xuICAgIHJldHVybiB7IGlzQXV0aG9yaXplZDogZmFsc2UgfVxuICB9XG59XG5cbi8qKiBEZWNvZGVzIGFuZCB2ZXJpZmllcyB0aGUgZ2l2ZW4gdG9rZW4gYWdhaW5zdCBDb2duaXRvLiAqL1xuYXN5bmMgZnVuY3Rpb24gdmVyaWZ5QWNjZXNzVG9rZW4oXG4gIHRva2VuOiBzdHJpbmcsXG4pOiBQcm9taXNlPENvZ25pdG9BY2Nlc3NUb2tlblBheWxvYWQgfCBcIkVYUElSRURcIiB8IFwiSU5WQUxJRFwiPiB7XG4gIHRyeSB7XG4gICAgY29uc3QgdG9rZW5WZXJpZmllciA9IGdldFRva2VuVmVyaWZpZXIoKVxuICAgIC8vIE11c3QgYXdhaXQgaGVyZSBpbnN0ZWFkIG9mIHJldHVybmluZyB0aGUgcHJvbWlzZSBkaXJlY3RseSwgc28gdGhhdCBlcnJvcnMgY2FuIGJlIGNhdWdodCBpblxuICAgIC8vIHRoaXMgZnVuY3Rpb25cbiAgICByZXR1cm4gYXdhaXQgdG9rZW5WZXJpZmllci52ZXJpZnkodG9rZW4pXG4gIH0gY2F0Y2ggKGUpIHtcbiAgICAvLyBJZiB0aGUgSldUIGhhcyBleHBpcmVkLCBhd3Mtand0LXZlcmlmeSB0aHJvd3MgdGhpcyBlcnJvcjpcbiAgICAvLyBodHRwczovL2dpdGh1Yi5jb20vYXdzbGFicy9hd3Mtand0LXZlcmlmeS9ibG9iLzhkOGY3MTRkNzI4MTkxM2VjZDY2MDE0N2Y1YzMwMzExNDc5NjAxYzEvc3JjL2p3dC50cyNMMTk3XG4gICAgLy8gV2UgY2FuJ3QgY2hlY2sgaW5zdGFuY2VvZiBvbiB0aGF0IGVycm9yIGNsYXNzLCBzaW5jZSBpdCdzIG5vdCBleHBvcnRlZCwgc28gdGhpcyBpcyB0aGUgbmV4dFxuICAgIC8vIGJlc3QgdGhpbmcuXG4gICAgaWYgKGUgaW5zdGFuY2VvZiBFcnJvciAmJiBlLm1lc3NhZ2U/LmluY2x1ZGVzKFwiVG9rZW4gZXhwaXJlZFwiKSkge1xuICAgICAgcmV0dXJuIFwiRVhQSVJFRFwiXG4gICAgfSBlbHNlIHtcbiAgICAgIHJldHVybiBcIklOVkFMSURcIlxuICAgIH1cbiAgfVxufVxuXG5leHBvcnQgdHlwZSBUb2tlblZlcmlmaWVyID0ge1xuICB2ZXJpZnk6IChhY2Nlc3NUb2tlbjogc3RyaW5nKSA9PiBQcm9taXNlPENvZ25pdG9BY2Nlc3NUb2tlblBheWxvYWQ+XG59XG5cbi8qKlxuICogV2UgY2FjaGUgdGhlIHZlcmlmaWVyIGluIHRoaXMgZ2xvYmFsIHZhcmlhYmxlLCBzbyB0aGF0IHN1YnNlcXVlbnQgaW52b2NhdGlvbnMgb2YgYSBob3QgbGFtYmRhXG4gKiB3aWxsIHJlLXVzZSB0aGlzLlxuICovXG5sZXQgY2FjaGVkVG9rZW5WZXJpZmllcjogVG9rZW5WZXJpZmllciB8IHVuZGVmaW5lZCA9IHVuZGVmaW5lZFxuXG5mdW5jdGlvbiBnZXRUb2tlblZlcmlmaWVyKCk6IFRva2VuVmVyaWZpZXIge1xuICBpZiAoY2FjaGVkVG9rZW5WZXJpZmllciA9PT0gdW5kZWZpbmVkKSB7XG4gICAgY2FjaGVkVG9rZW5WZXJpZmllciA9IGRlcGVuZGVuY2llcy5jcmVhdGVUb2tlblZlcmlmaWVyKClcbiAgfVxuICByZXR1cm4gY2FjaGVkVG9rZW5WZXJpZmllclxufVxuXG4vKiogRm9yIG92ZXJyaWRpbmcgZGVwZW5kZW5jeSBjcmVhdGlvbiBpbiB0ZXN0cy4gKi9cbmV4cG9ydCBjb25zdCBkZXBlbmRlbmNpZXMgPSB7XG4gIGNyZWF0ZVRva2VuVmVyaWZpZXI6ICgpOiBUb2tlblZlcmlmaWVyID0+IHtcbiAgICBjb25zdCB1c2VyUG9vbElkID0gcHJvY2Vzcy5lbnZbXCJVU0VSX1BPT0xfSURcIl1cbiAgICBpZiAoIXVzZXJQb29sSWQpIHtcbiAgICAgIGNvbnNvbGUuZXJyb3IoXCJVU0VSX1BPT0xfSUQgZW52IHZhcmlhYmxlIGlzIG5vdCBkZWZpbmVkXCIpXG4gICAgICB0aHJvdyBuZXcgRXJyb3IoKVxuICAgIH1cblxuICAgIHJldHVybiBDb2duaXRvSnd0VmVyaWZpZXIuY3JlYXRlKHtcbiAgICAgIHVzZXJQb29sSWQsXG4gICAgICB0b2tlblVzZTogXCJhY2Nlc3NcIixcbiAgICAgIGNsaWVudElkOiBudWxsLFxuICAgICAgc2NvcGU6IHByb2Nlc3MuZW52LlJFUVVJUkVEX1NDT1BFIHx8IHVuZGVmaW5lZCwgLy8gYHx8IHVuZGVmaW5lZGAgdG8gZGlzY2FyZCBlbXB0eSBzdHJpbmdcbiAgICB9KVxuICB9LFxuICBjcmVhdGVTZWNyZXRzTWFuYWdlcjogKCkgPT4gbmV3IFNlY3JldHNNYW5hZ2VyKCksXG59XG5cbnR5cGUgRXhwZWN0ZWRCYXNpY0F1dGhDcmVkZW50aWFscyA9IHtcbiAgYmFzaWNBdXRoSGVhZGVyOiBzdHJpbmdcbiAgdXNlcm5hbWU6IHN0cmluZ1xufVxuXG4vKiogQ2FjaGUgdGhpcyB2YWx1ZSwgc28gdGhhdCBzdWJzZXF1ZW50IGxhbWJkYSBpbnZvY2F0aW9ucyBkb24ndCBoYXZlIHRvIHJlZmV0Y2guICovXG5sZXQgY2FjaGVkQmFzaWNBdXRoQ3JlZGVudGlhbHM6IEV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHNbXSB8IHVuZGVmaW5lZCA9XG4gIHVuZGVmaW5lZFxuXG4vKipcbiAqIFJldHVybnMgYW4gYXJyYXksIHRvIHN1cHBvcnQgY3JlZGVudGlhbCBzZWNyZXRzIHdpdGggbXVsdGlwbGUgdmFsdWVzIChzZWVcbiAqIGBCYXNpY0F1dGhBdXRob3JpemVyUHJvcHNgIG9uIHRoZSBgQXBpR2F0ZXdheWAgY29uc3RydWN0IGZvciBtb3JlIG9uIHRoaXMpLlxuICovXG5hc3luYyBmdW5jdGlvbiBnZXRFeHBlY3RlZEJhc2ljQXV0aENyZWRlbnRpYWxzKCk6IFByb21pc2U8XG4gIEV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHNbXSB8IHVuZGVmaW5lZFxuPiB7XG4gIGlmIChjYWNoZWRCYXNpY0F1dGhDcmVkZW50aWFscyA9PT0gdW5kZWZpbmVkKSB7XG4gICAgY29uc3Qgc2VjcmV0TmFtZTogc3RyaW5nIHwgdW5kZWZpbmVkID1cbiAgICAgIHByb2Nlc3MuZW52W1wiQkFTSUNfQVVUSF9DUkVERU5USUFMU19TRUNSRVRfTkFNRVwiXVxuICAgIGlmICghc2VjcmV0TmFtZSkge1xuICAgICAgcmV0dXJuIHVuZGVmaW5lZFxuICAgIH1cblxuICAgIGNhY2hlZEJhc2ljQXV0aENyZWRlbnRpYWxzID0gYXdhaXQgZ2V0QmFzaWNBdXRoQ3JlZGVudGlhbHNTZWNyZXQoc2VjcmV0TmFtZSlcbiAgfVxuXG4gIHJldHVybiBjYWNoZWRCYXNpY0F1dGhDcmVkZW50aWFsc1xufVxuXG5hc3luYyBmdW5jdGlvbiBnZXRCYXNpY0F1dGhDcmVkZW50aWFsc1NlY3JldChcbiAgc2VjcmV0TmFtZTogc3RyaW5nLFxuKTogUHJvbWlzZTxFeHBlY3RlZEJhc2ljQXV0aENyZWRlbnRpYWxzW10+IHtcbiAgY29uc3Qgc2VjcmV0ID0gYXdhaXQgZ2V0U2VjcmV0VmFsdWUoc2VjcmV0TmFtZSlcblxuICBpZiAoaXNTaW5nbGVVc2VybmFtZUFuZFBhc3N3b3JkKHNlY3JldCkpIHtcbiAgICBjb25zdCBoZWFkZXIgPVxuICAgICAgXCJCYXNpYyBcIiArXG4gICAgICBCdWZmZXIuZnJvbShgJHtzZWNyZXQudXNlcm5hbWV9OiR7c2VjcmV0LnBhc3N3b3JkfWApLnRvU3RyaW5nKFwiYmFzZTY0XCIpXG4gICAgcmV0dXJuIFt7IGJhc2ljQXV0aEhlYWRlcjogaGVhZGVyLCB1c2VybmFtZTogc2VjcmV0LnVzZXJuYW1lIH1dXG4gIH1cblxuICAvLyBTZWUgYEJhc2ljQXV0aEF1dGhvcml6ZXJQcm9wc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QgZm9yIGFuIGV4cGxhbmF0aW9uIG9mIHRoZSBmb3JtYXRzXG4gIC8vIHdlIHBhcnNlIGhlcmVcbiAgaWYgKGhhc0NyZWRlbnRpYWxzS2V5V2l0aFN0cmluZ1ZhbHVlKHNlY3JldCkpIHtcbiAgICBsZXQgY3JlZGVudGlhbHNBcnJheTogdW5rbm93blxuICAgIHRyeSB7XG4gICAgICBjcmVkZW50aWFsc0FycmF5ID0gSlNPTi5wYXJzZShzZWNyZXQuY3JlZGVudGlhbHMpXG4gICAgfSBjYXRjaCAoZSkge1xuICAgICAgY29uc29sZS5lcnJvcihcbiAgICAgICAgYEZhaWxlZCB0byBwYXJzZSBjcmVkZW50aWFscyBhcnJheSBpbiBzZWNyZXQgJyR7c2VjcmV0TmFtZX0nIGFzIEpTT05gLFxuICAgICAgICBlLFxuICAgICAgKVxuICAgICAgdGhyb3cgbmV3IEVycm9yKClcbiAgICB9XG5cbiAgICBpZiAoaXNTdHJpbmdBcnJheShjcmVkZW50aWFsc0FycmF5KSkge1xuICAgICAgcmV0dXJuIGNyZWRlbnRpYWxzQXJyYXkubWFwKHBhcnNlRW5jb2RlZEJhc2ljQXV0aENyZWRlbnRpYWxzKVxuICAgIH1cbiAgfVxuXG4gIGNvbnNvbGUuZXJyb3IoXG4gICAgYEJhc2ljIGF1dGggY3JlZGVudGlhbHMgc2VjcmV0IGRpZCBub3QgZm9sbG93IGFueSBleHBlY3RlZCBmb3JtYXQgKHNlY3JldCBuYW1lOiAnJHtzZWNyZXROYW1lfScpYCxcbiAgKVxuICB0aHJvdyBuZXcgRXJyb3IoKVxufVxuXG5hc3luYyBmdW5jdGlvbiBnZXRTZWNyZXRWYWx1ZShzZWNyZXROYW1lOiBzdHJpbmcpOiBQcm9taXNlPHVua25vd24+IHtcbiAgY29uc3QgY2xpZW50ID0gZGVwZW5kZW5jaWVzLmNyZWF0ZVNlY3JldHNNYW5hZ2VyKClcbiAgY29uc3Qgc2VjcmV0ID0gYXdhaXQgY2xpZW50LmdldFNlY3JldFZhbHVlKHsgU2VjcmV0SWQ6IHNlY3JldE5hbWUgfSlcblxuICBpZiAoIXNlY3JldC5TZWNyZXRTdHJpbmcpIHtcbiAgICBjb25zb2xlLmVycm9yKGBTZWNyZXQgdmFsdWUgbm90IGZvdW5kIGZvciAnJHtzZWNyZXROYW1lfSdgKVxuICAgIHRocm93IG5ldyBFcnJvcigpXG4gIH1cblxuICB0cnkge1xuICAgIHJldHVybiBKU09OLnBhcnNlKHNlY3JldC5TZWNyZXRTdHJpbmcpXG4gIH0gY2F0Y2ggKGUpIHtcbiAgICBjb25zb2xlLmVycm9yKGBGYWlsZWQgdG8gcGFyc2Ugc2VjcmV0ICcke3NlY3JldE5hbWV9JyBhcyBKU09OOmAsIGUpXG4gICAgdGhyb3cgbmV3IEVycm9yKClcbiAgfVxufVxuXG5mdW5jdGlvbiBpc1NpbmdsZVVzZXJuYW1lQW5kUGFzc3dvcmQoXG4gIHZhbHVlOiB1bmtub3duLFxuKTogdmFsdWUgaXMgeyB1c2VybmFtZTogc3RyaW5nOyBwYXNzd29yZDogc3RyaW5nIH0ge1xuICByZXR1cm4gKFxuICAgIHR5cGVvZiB2YWx1ZSA9PT0gXCJvYmplY3RcIiAmJlxuICAgIHZhbHVlICE9PSBudWxsICYmXG4gICAgXCJ1c2VybmFtZVwiIGluIHZhbHVlICYmXG4gICAgdHlwZW9mIHZhbHVlLnVzZXJuYW1lID09PSBcInN0cmluZ1wiICYmXG4gICAgXCJwYXNzd29yZFwiIGluIHZhbHVlICYmXG4gICAgdHlwZW9mIHZhbHVlLnBhc3N3b3JkID09PSBcInN0cmluZ1wiXG4gIClcbn1cblxuZnVuY3Rpb24gaGFzQ3JlZGVudGlhbHNLZXlXaXRoU3RyaW5nVmFsdWUoXG4gIHZhbHVlOiB1bmtub3duLFxuKTogdmFsdWUgaXMgeyBjcmVkZW50aWFsczogc3RyaW5nIH0ge1xuICByZXR1cm4gKFxuICAgIHR5cGVvZiB2YWx1ZSA9PT0gXCJvYmplY3RcIiAmJlxuICAgIHZhbHVlICE9PSBudWxsICYmXG4gICAgXCJjcmVkZW50aWFsc1wiIGluIHZhbHVlICYmXG4gICAgdHlwZW9mIHZhbHVlLmNyZWRlbnRpYWxzID09PSBcInN0cmluZ1wiXG4gIClcbn1cblxuZnVuY3Rpb24gaXNTdHJpbmdBcnJheSh2YWx1ZTogdW5rbm93bik6IHZhbHVlIGlzIHN0cmluZ1tdIHtcbiAgaWYgKCFBcnJheS5pc0FycmF5KHZhbHVlKSkge1xuICAgIHJldHVybiBmYWxzZVxuICB9XG5cbiAgZm9yIChjb25zdCBlbGVtZW50IG9mIHZhbHVlKSB7XG4gICAgaWYgKHR5cGVvZiBlbGVtZW50ICE9PSBcInN0cmluZ1wiKSB7XG4gICAgICByZXR1cm4gZmFsc2VcbiAgICB9XG4gIH1cblxuICByZXR1cm4gdHJ1ZVxufVxuXG4vKipcbiAqIFdlIHdhbnQgdG8gcmV0dXJuIHRoZSByZXF1ZXN0aW5nIHVzZXJuYW1lIGFzIGEgY29udGV4dCB2YXJpYWJsZSBpblxuICoge0BsaW5rIEF1dGhvcml6ZXJSZXN1bHQuY29udGV4dH0sIGZvciBBUEkgR2F0ZXdheSBhY2Nlc3MgbG9ncyBhbmQgcGFyYW1ldGVyIG1hcHBpbmcuIFNvIGlmIHRoZVxuICogYmFzaWMgYXV0aCBjcmVkZW50aWFscyBzZWNyZXQgaXMgc3RvcmVkIGFzIHByZS1lbmNvZGVkIGJhc2U2NCBzdHJpbmdzLCB3ZSBuZWVkIHRvIHBhcnNlIHRoZW0gdG9cbiAqIGdldCB0aGUgdXNlcm5hbWUuXG4gKi9cbmZ1bmN0aW9uIHBhcnNlRW5jb2RlZEJhc2ljQXV0aENyZWRlbnRpYWxzKFxuICBlbmNvZGVkQ3JlZGVudGlhbHM6IHN0cmluZyxcbik6IEV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHMge1xuICBsZXQgZGVjb2RlZENyZWRlbnRpYWxzOiBzdHJpbmdcbiAgdHJ5IHtcbiAgICBkZWNvZGVkQ3JlZGVudGlhbHMgPSBCdWZmZXIuZnJvbShlbmNvZGVkQ3JlZGVudGlhbHMsIFwiYmFzZTY0XCIpLnRvU3RyaW5nKClcbiAgfSBjYXRjaCAoZSkge1xuICAgIGNvbnNvbGUuZXJyb3IoXG4gICAgICBcIkJhc2ljIGF1dGggY3JlZGVudGlhbHMgc2VjcmV0IGNvdWxkIG5vdCBiZSBkZWNvZGVkIGFzIGJhc2U2NDpcIixcbiAgICAgIGUsXG4gICAgKVxuICAgIHRocm93IG5ldyBFcnJvcigpXG4gIH1cblxuICBjb25zdCB1c2VybmFtZUFuZFBhc3N3b3JkID0gZGVjb2RlZENyZWRlbnRpYWxzLnNwbGl0KFwiOlwiLCAyKVxuICBpZiAodXNlcm5hbWVBbmRQYXNzd29yZC5sZW5ndGggIT09IDIpIHtcbiAgICBjb25zb2xlLmVycm9yKFxuICAgICAgXCJCYXNpYyBhdXRoIGNyZWRlbnRpYWxzIHNlY3JldCBjb3VsZCBub3QgYmUgZGVjb2RlZCBhcyAndXNlcm5hbWU6cGFzc3dvcmQnXCIsXG4gICAgKVxuICAgIHRocm93IG5ldyBFcnJvcigpXG4gIH1cblxuICByZXR1cm4ge1xuICAgIGJhc2ljQXV0aEhlYWRlcjogYEJhc2ljICR7ZW5jb2RlZENyZWRlbnRpYWxzfWAsXG4gICAgdXNlcm5hbWU6IHVzZXJuYW1lQW5kUGFzc3dvcmRbMF0sXG4gIH1cbn1cblxuZXhwb3J0IGZ1bmN0aW9uIGNsZWFyQ2FjaGUoKSB7XG4gIGNhY2hlZFRva2VuVmVyaWZpZXIgPSB1bmRlZmluZWRcbiAgY2FjaGVkQmFzaWNBdXRoQ3JlZGVudGlhbHMgPSB1bmRlZmluZWRcbn1cbiJdfQ==
package/lib/api-gateway/http-api-gateway.d.ts CHANGED
@@ -280,8 +280,8 @@ export type AuthorizationProps<AuthScopesT extends string = string> =
280
280
  type: "IAM";
281
281
  }
282
282
  /**
283
- * Creates a custom authorizer lambda which reads `Authorization: Bearer <token>` header and
284
- * verifies the token against a Cognito user pool.
283
+ * Creates a custom authorizer lambda which reads `Authorization: Bearer <access token>` header
284
+ * and verifies the token against a Cognito user pool.
285
285
  */
286
286
  | ({
287
287
  type: "COGNITO_USER_POOL";
@@ -295,8 +295,8 @@ export type AuthorizationProps<AuthScopesT extends string = string> =
295
295
  } & BasicAuthAuthorizerProps)
296
296
  /**
297
297
  * Creates a custom authorizer lambda which allows both:
298
- * - `Authorization: Bearer <token>` header, for which the token is checked against the given
299
- * Cognito user pool
298
+ * - `Authorization: Bearer <access token>` header, for which the token is checked against the
299
+ * given Cognito user pool
300
300
  * - `Authorization: Basic <base64-encoded credentials>` header, for which the credentials are
301
301
  * checked against the credentials from the given basic auth secret name
302
302
  *
@@ -308,7 +308,7 @@ export type AuthorizationProps<AuthScopesT extends string = string> =
308
308
  export type CognitoUserPoolAuthorizerProps<AuthScopesT extends string = string> = {
309
309
  userPool: IUserPool;
310
310
  /**
311
- * Verifies that token claims contain the given scope.
311
+ * Verifies that access token claims contain the given scope.
312
312
  *
313
313
  * When defined as part of a resource server, scopes are on the format:
314
314
  * `{resource server identifier}/{scope name}`, e.g. `external/view_users`.
@@ -323,7 +323,7 @@ export type CognitoUserPoolAuthorizerProps<AuthScopesT extends string = string>
323
323
  *
324
324
  * The secret value must follow this format:
325
325
  * ```json
326
- * {"username":"<username>","password":"<password>"}
326
+ * { "username": "<username>", "password": "<password>" }
327
327
  * ```
328
328
  *
329
329
  * This prop solves the following use-case:
@@ -349,27 +349,59 @@ export type CognitoUserPoolAuthorizerProps<AuthScopesT extends string = string>
349
349
  };
350
350
  export type BasicAuthAuthorizerProps = {
351
351
  /**
352
- * Name of secret in AWS Secrets Manager that stores basic auth credentials. The secret value must
353
- * follow this format:
352
+ * Name of secret in AWS Secrets Manager that stores basic auth credentials. The secret value
353
+ * should follow this format:
354
354
  * ```json
355
- * {"username":"<username>","password":"<password>"}
355
+ * { "username": "<username>", "password": "<password>" }
356
356
  * ```
357
+ *
358
+ * The following format is also supported:
359
+ * ```json
360
+ * { "credentials": "[\"<encoded-credential-1>\",\"<encoded-credential-2>\"]" }
361
+ * ```
362
+ * ...consisting of:
363
+ * - A single key, `credentials`
364
+ * - With a _string_ value
365
+ * - Which is a stringified, escaped JSON array of base64-encoded credentials
366
+ * - In which each element is encoded from `<username>:<password>`
367
+ *
368
+ * If the secret is on this format, the authorizer will match the request's Authorization header
369
+ * against any one of these encoded credentials.
370
+ *
371
+ * The reason that this second format stores stringified JSON _inside_ JSON, is due to a
372
+ * limitation in Liflig's `load-secrets` library, which only allows storing strings values.
357
373
  */
358
374
  credentialsSecretName: string;
359
375
  };
360
376
  export type CognitoUserPoolOrBasicAuthAuthorizerProps<AuthScopesT extends string = string> = {
361
377
  userPool: IUserPool;
362
378
  /**
363
- * Name of secret in AWS Secrets Manager that stores basic auth credentials. The secret value must
364
- * follow this format:
379
+ * Name of secret in AWS Secrets Manager that stores basic auth credentials. The secret value
380
+ * should follow this format:
365
381
  * ```json
366
- * {"username":"<username>","password":"<password>"}
382
+ * { "username": "<username>", "password": "<password>" }
367
383
  * ```
384
+ *
385
+ * The following format is also supported:
386
+ * ```json
387
+ * { "credentials": "[\"<encoded-credential-1>\",\"<encoded-credential-2>\"]" }
388
+ * ```
389
+ * ...consisting of:
390
+ * - A single key, `credentials`
391
+ * - With a _string_ value
392
+ * - Which is a stringified, escaped JSON array of base64-encoded credentials
393
+ * - In which each element is encoded from `<username>:<password>`
394
+ *
395
+ * If the secret is on this format, the authorizer will match the request's Authorization header
396
+ * against any one of these encoded credentials.
397
+ *
398
+ * The reason that this second format stores stringified JSON _inside_ JSON, is due to a
399
+ * limitation in Liflig's `load-secrets` library, which only allows storing strings values.
368
400
  */
369
401
  basicAuthCredentialsSecretName?: string;
370
402
  /**
371
- * Verifies that token claims contain the given scope. Only applicable for `Bearer` token requests
372
- * checked against the Cognito User Pool (not applicable for basic auth).
403
+ * Verifies that access token claims contain the given scope. Only applicable for requests that
404
+ * use `Authorization: Bearer <access token>` (not applicable for basic auth).
373
405
  *
374
406
  * When defined as part of a resource server, scopes are on the format:
375
407
  * `{resource server identifier}/{scope name}`, e.g. `external/view_users`.