Added code to handle Cognito Credentials and return the identity id i…

…nstead of the user ARN. This fixes issue #43
aws · Jul 5, 2017 · 237a7c7 · 237a7c7
1 parent 0e762c6
commit 237a7c7
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/.../src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java b/.../src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java
@@ -69,7 +69,12 @@ public Principal getUserPrincipal() {
             if (getAuthenticationScheme().equals(AUTH_SCHEME_CUSTOM)) {
                 return event.getRequestContext().getAuthorizer().getPrincipalId();
             } else if (getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
-                return event.getRequestContext().getIdentity().getUserArn();
+                // if we received credentials from Cognito Federated Identities then we return the identity id
+                if (event.getRequestContext().getIdentity().getCognitoIdentityId() != null) {
+                    return event.getRequestContext().getIdentity().getCognitoIdentityId();
+                } else { // otherwise the user arn from the credentials
+                    return event.getRequestContext().getIdentity().getUserArn();
+                }
             } else if (getAuthenticationScheme().equals(AUTH_SCHEME_COGNITO_POOL)) {
                 return event.getRequestContext().getAuthorizer().getClaims().getSubject();
             }