Added authorizer_scopes to add_method

cloutierMat · cloutierMat · commit 93e614f45753 · 2024-11-26T14:36:16.000-07:00
diff --git a/localstack-core/localstack/services/apigateway/helpers.py b/localstack-core/localstack/services/apigateway/helpers.py
@@ -4,7 +4,7 @@
 import json
 import logging
 from datetime import datetime
-from typing import List, Optional, Union
+from typing import List, Optional, TypedDict, Union
 from urllib import parse as urlparse
 
 from jsonpatch import apply_patch
@@ -91,6 +91,11 @@ class OpenAPIExt:
     TAG_VALUE = "x-amazon-apigateway-tag-value"
 
 
+class AuthorizerConfig(TypedDict):
+    authorizer: Authorizer
+    authorization_scopes: Optional[list[str]]
+
+
 # TODO: make the CRUD operations in this file generic for the different model types (authorizes, validators, ...)
 
 
@@ -564,14 +569,14 @@ def create_authorizers(security_schemes: dict) -> None:
 
             authorizers[security_scheme_name] = authorizer
 
-    def get_authorizer(path_payload: dict) -> Optional[Authorizer]:
+    def get_authorizer(path_payload: dict) -> Optional[AuthorizerConfig]:
         if not (security_schemes := path_payload.get("security")):
             return None
 
         for security_scheme in security_schemes:
-            for security_scheme_name in security_scheme.keys():
+            for security_scheme_name, scopes in security_scheme.items():
                 if authorizer := authorizers.get(security_scheme_name):
-                    return authorizer
+                    return AuthorizerConfig(authorizer=authorizer, authorization_scopes=scopes)
 
     def get_or_create_path(abs_path: str, base_path: str):
         parts = abs_path.rstrip("/").replace("//", "/").split("/")
@@ -815,7 +820,7 @@ def create_method_resource(child, method, method_schema):
         kwargs = {}
 
         if authorizer := get_authorizer(method_schema) or default_authorizer:
-            method_authorizer = authorizer or default_authorizer
+            method_authorizer = authorizer["authorizer"]
             # override the authorizer_type if it's a TOKEN or REQUEST to CUSTOM
             if (authorizer_type := method_authorizer["type"]) in ("TOKEN", "REQUEST"):
                 authorization_type = "CUSTOM"
@@ -824,6 +829,9 @@ def create_method_resource(child, method, method_schema):
 
             kwargs["authorizer_id"] = method_authorizer["id"]
 
+            if authorization_scopes := authorizer.get("authorization_scopes"):
+                kwargs["authorization_scopes"] = authorization_scopes
+
         return child.add_method(
             method,
             api_key_required=api_key_required,
