search

aws / aws-lambda-dotnet

Libraries, samples and tools to help .NET Core developers develop AWS Lambda functions.
Apache License 2.0
1.57k stars 479 forks source link

deserialization issue affecting APIGatewayCustomAuthorizerContext #1141

Open belgab1980 opened 2 years ago

belgab1980 commented 2 years ago

Describe the bug

Not able to consume values returned by a Lambda Authorizer; they are not there even if they are present in the input JSON

Expected Behavior

Dictionary properly set with keys and values

Current Behavior

No values

Reproduction Steps

Websocket API with an authorizer; try to access any authorizer context property (like principalId) Use the new "Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer" (which is default)

Possible Solution

As a workaround, the old "Amazon.Lambda.Serialization.Json.JsonSerializer" using the Newtonsoft library seems to work just fine.

Additional Information/Context

using Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer "Authorizer": { "principalId": { "ValueKind": 3 }, "integrationLatency": { "ValueKind": 4 }, "authn": { "ValueKind": 3 } }

using the legacy Amazon.Lambda.Serialization.Json.JsonSerializer "Authorizer": { "principalId": "***", "integrationLatency": 9516, "authn": "None" },

AWS .NET SDK and/or Package version used

Amazon.Lambda.Serialization.SystemTextJson v2.3.0

Targeted .NET Platform

.net core 3.1

Operating System and version

any

ashishdhingra commented 2 years ago

This might be the outcome of https://github.com/dotnet/runtime/issues/30969 where per https://github.com/dotnet/runtime/issues/30969#issuecomment-535779492, TypeNameHandling.All-equivalent functionality was intentionally left out. The APIGatewayCustomAuthorizerContext derives from Dictionary<string, object>, hence the actual value for a key would be returned as JsonElement with JsonElement.ValueKind property.

belgab1980 commented 2 years ago

Hi Ashish,

This is most likely the reason why it’s not deserialized; in this case it’s not a bug.

The APIGatewayCustomAuthorizerContext does indeed define a Dictionary<string, object> (so the value in the pair is not deserialized by the new implementation, while the old JSON based one does most likely assume it is a string)

The APIGatewayCustomAuthorizerContext class as defined is unusable with the new deserialization implementation, so I wonder if it would make sense (unless it breaks code in other places) to change Dictionary<string, object> to Dictionary<string, string> (like the APIGatewayCustomAuthorizerContext.Claims property)

Gabriele

From: Ashish Dhingra @.> Sent: giovedì 14 aprile 2022 22:54 To: aws/aws-lambda-dotnet @.> Cc: Gabriele Beltrame @.>; Author @.> Subject: Re: [aws/aws-lambda-dotnet] deserialization issue affecting APIGatewayCustomAuthorizerContext (Issue #1141)

This might be the outcome of dotnet/runtime#30969 https://github.com/dotnet/runtime/issues/30969 where per dotnet/runtime#30969 (comment) https://github.com/dotnet/runtime/issues/30969#issuecomment-535779492 , TypeNameHandling.All-equivalent functionality was intentionally left out.

— Reply to this email directly, view it on GitHub https://github.com/aws/aws-lambda-dotnet/issues/1141#issuecomment-1099612303 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AVOCUUGUG5V473KSZFEZ7MTVFCAWLANCNFSM5S6TI5HQ . You are receiving this because you authored the thread. https://github.com/notifications/beacon/AVOCUUFXF4KF4TFNJJ4T74DVFCAWLA5CNFSM5S6TI5H2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOIGFMBDY.gif Message ID: @. @.> >

ashishdhingra commented 2 years ago

Need to investigate if we can have custom converter to handle Dictionary<string, object> type for a scenario.