def handler()

in cdk-eventbridge-appsync-oauth/cdk/lib/authorizer/app.py [0:0]


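def handler(event, context):
  """Authorize a request by validating the bearer JWT in ``authorizationToken``.

  The token must carry a valid RS256 signature from a key resolved through the
  module-level ``jwks_client``, and must contain ``exp``, ``iat``, ``iss`` and
  ``sub``. Its issuer must be the Cognito user pool built from ``region`` and
  ``user_pool_id``, and its ``sub`` must equal ``app_client_id``.

  Args:
    event: Authorizer event; only ``authorizationToken`` is read.
    context: Lambda context object (unused).

  Returns:
    ``{"isAuthorized": bool, "deniedFields": []}``. Every failure path,
    including unexpected errors, returns ``isAuthorized: False``.
  """
  # Log only the event's shape: the raw event carries the bearer token, and
  # writing it to the function's logs would expose a replayable credential.
  print(f"event keys: {sorted(event) if isinstance(event, dict) else type(event).__name__}")

  denied = {
    "isAuthorized": False,
    "deniedFields": []
  }

  raw_token = event.get("authorizationToken") if isinstance(event, dict) else None
  if not isinstance(raw_token, str):
    raw_token = ""

  # Strip the scheme only where it is a prefix; a blanket replace() would also
  # rewrite any later occurrence of "Bearer " inside the value.
  scheme = "Bearer "
  token = (raw_token[len(scheme):] if raw_token.startswith(scheme) else raw_token).strip()
  if not token:
    print("--- Missing bearer token: Auth Failure ---")
    print("isAuthorized: False")
    return denied

  is_authorized = False
  try:
    # Key lookup is inside the try: a malformed token or a JWKS fetch failure
    # raises here, and it must end in a deny rather than an unhandled crash.
    signing_key = jwks_client.get_signing_key_from_jwt(token)

    data = jwt.decode(
      token,
      signing_key.key,
      algorithms=["RS256"],  # pinned so the token header cannot choose the algorithm
      issuer="https://cognito-idp.{}.amazonaws.com/{}".format(region, user_pool_id),
      options={
        "require": ["exp", "iat", "iss", "sub"]
      }
    )

    # NOTE(review): these are verified claims, not the token itself; confirm
    # they hold nothing that should stay out of the logs.
    print(data)

    is_authorized = data["sub"] == app_client_id
  except (DecodeError, ExpiredSignatureError, InvalidTokenError) as err:
    print("--- JWT Decode Error: Auth Failure ---")
    print(err)
    is_authorized = False
  except Exception as err:
    # Fail closed on anything unexpected. The original re-raised here, but its
    # `return` inside `finally` silently discarded that exception anyway.
    print(err)
    is_authorized = False

  print(f"isAuthorized: {is_authorized}")
  return {
    "isAuthorized": is_authorized,
    "deniedFields": []
  }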