From fbeefa3c23cfded85ab089ea8d6b2652094a075c Mon Sep 17 00:00:00 2001
From: Thomas Aribart <38014240+ThomasAribart@users.noreply.github.com>
Date: Thu, 28 Apr 2022 17:13:28 +0200
Subject: [PATCH 1/2] Improve webhooks authorization

I have a bug on my application with Lift: I want to secure a webhook call using with a different header than Authorization (I do not have a hand on the header). The HTTP request does not contain an Authorization header and thus receives a 401. The documentation: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html All headers are available in the event anyway, and Lift doesn't implement authorizer caching by default, so we can juste empty the `identitySource` property.
---
 src/constructs/aws/Webhook.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/constructs/aws/Webhook.ts b/src/constructs/aws/Webhook.ts
index aec77f7b..296cb676 100644
--- a/src/constructs/aws/Webhook.ts
+++ b/src/constructs/aws/Webhook.ts
@@ -124,7 +124,7 @@ export class Webhook extends AwsConstruct {
 authorizerPayloadFormatVersion: "2.0",
 authorizerType: "REQUEST",
 name: `${id}-authorizer`,
- identitySource: ["$request.header.Authorization"],
+ identitySource: [],
 enableSimpleResponses: true,
 authorizerUri: Fn.join("/", [
 `arn:aws:apigateway:${this.provider.region}:lambda:path/2015-03-31/functions`,

From 809c5be1d74924a43afe65ee455df9a23b54e574 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Barthelet?=
Date: Fri, 29 Apr 2022 13:47:15 +0200
Subject: [PATCH 2/2] Remove identitySource altogether

This argument is optional when using REQUEST type authorizer
---
 src/constructs/aws/Webhook.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/constructs/aws/Webhook.ts b/src/constructs/aws/Webhook.ts
index 296cb676..86c5d6ce 100644
--- a/src/constructs/aws/Webhook.ts
+++ b/src/constructs/aws/Webhook.ts
@@ -124,7 +124,6 @@ export class Webhook extends AwsConstruct {
 authorizerPayloadFormatVersion: "2.0",
 authorizerType: "REQUEST",
 name: `${id}-authorizer`,
- identitySource: [],
 enableSimpleResponses: true,
 authorizerUri: Fn.join("/", [
 `arn:aws:apigateway:${this.provider.region}:lambda:path/2015-03-31/functions`,
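Review bot: With identitySource dropped from this REQUEST authorizer definition (the first patch had already emptied it to `[]`, so both hunks end in the same state), API Gateway no longer issues the 401 itself when the named header is absent, so every request — credentialed or not — now reaches the authorizer Lambda, and that function must explicitly deny requests carrying no credential instead of assuming the header exists; its handler is outside this hunk, so whether it already does can't be confirmed from here. As far as I recall, authorizer result caching on HTTP APIs is keyed on identitySource, so re-enabling caching later would need the property back, which the first patch's description only mentions in passing; that reasoning deserves to live next to the property so the omission isn't "fixed" in a future cleanup. I'd put a comment in place of the removed line: `// No identitySource on purpose: the authorizer function inspects whatever header the caller uses and must itself reject requests without credentials; adding one back would make API Gateway 401 any request lacking that header before the function runs.` The enclosing method of Webhook starts and ends outside the hunk.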