From d0d73dc839dc129b5c100043d7dac55966662f6d Mon Sep 17 00:00:00 2001 From: Ernest Folch Date: Fri, 19 Jan 2024 01:56:42 +0100 Subject: [PATCH] feat: added contracts for cognito pre token generation v2_0 (#1656) --- .../AccessTokenGeneration.cs | 50 +++++++++++ .../Amazon.Lambda.CognitoEvents.csproj | 2 +- .../ClaimsAndScopeOverrideDetails.cs | 38 ++++++++ .../CognitoPreTokenGenerationV2Event.cs | 9 ++ .../CognitoPreTokenGenerationV2Request.cs | 38 ++++++++ .../CognitoPreTokenGenerationV2Response.cs | 19 ++++ .../IdTokenGeneration.cs | 30 +++++++ .../test/EventsTests.Shared/EventTests.cs | 90 ++++++++++++++++++- .../EventsTests.Shared.projitems | 1 + .../cognito-pretokengenerationv2-event.json | 79 ++++++++++++++++ 10 files changed, 353 insertions(+), 3 deletions(-) create mode 100644 Libraries/src/Amazon.Lambda.CognitoEvents/AccessTokenGeneration.cs create mode 100644 Libraries/src/Amazon.Lambda.CognitoEvents/ClaimsAndScopeOverrideDetails.cs create mode 100644 Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Event.cs create mode 100644 Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Request.cs create mode 100644 Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Response.cs create mode 100644 Libraries/src/Amazon.Lambda.CognitoEvents/IdTokenGeneration.cs create mode 100644 Libraries/test/EventsTests.Shared/cognito-pretokengenerationv2-event.json diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/AccessTokenGeneration.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/AccessTokenGeneration.cs new file mode 100644 index 000000000..9c0f97302 --- /dev/null +++ b/Libraries/src/Amazon.Lambda.CognitoEvents/AccessTokenGeneration.cs 
@@ -0,0 +1,50 @@
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ [DataContract]
+ public class AccessTokenGeneration
+ {
+ ///
+ /// A map of one or more key-value pairs of claims to add or override. For group related claims, use
+ groupOverrideDetails instead.
+ ///
+ [DataMember(Name = "claimsToAddOrOverride")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("claimsToAddOrOverride")]
+# endif
+ public Dictionary ClaimsToAddOrOverride { get; set; } = new Dictionary();
+
+ ///
+ /// A list that contains claims to be suppressed from the identity token.
+ ///
+ [DataMember(Name = "claimsToSuppress")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("claimsToSuppress")]
+# endif
+ public List ClaimsToSuppress { get; set; } = new List();
+
+ ///
+ /// A list of OAuth 2.0 scopes that you want to add to the scope claim in your user's access token. You can't
+ add scope values that contain one or more blank-space characters.
+ ///
+ [DataMember(Name = "scopesToAdd")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("scopesToAdd")]
+# endif
+ public List ScopesToAdd { get; set; } = new List();
+
+ ///
+ /// A list of OAuth 2.0 scopes that you want to remove from the scope claim in your user's access token.
+ ///
+ [DataMember(Name = "scopesToSuppress")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("scopesToSuppress")]
+# endif
+ public List ScopesToSuppress { get; set; } = new List();
+ }
+}
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/Amazon.Lambda.CognitoEvents.csproj b/Libraries/src/Amazon.Lambda.CognitoEvents/Amazon.Lambda.CognitoEvents.csproj
index b79a2c22d..91ed3d664 100644
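Review bot: The `ClaimsToSuppress` summary in this hunk says the claims are suppressed from the identity token, but this type is the access-token half of the override details and the wording is a copy of the one in IdTokenGeneration; suggest `/// A list that contains claims to be suppressed from the access token.` so a handler that strips sensitive claims from one token is not misled about which one it is editing. Also, as rendered here the wrapped summary continuation lines (`groupOverrideDetails instead.` and `add scope values that contain one or more blank-space characters.`) carry no `///` prefix; if that is not a rendering artifact the file will not compile, so the committed source is worth checking.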
--- a/Libraries/src/Amazon.Lambda.CognitoEvents/Amazon.Lambda.CognitoEvents.csproj
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/Amazon.Lambda.CognitoEvents.csproj
@@ -6,7 +6,7 @@
 Amazon Lambda .NET Core support - CognitoEvents package.
 netstandard2.0;netcoreapp3.1;net8.0
 Amazon.Lambda.CognitoEvents
- 2.2.0
+ 2.3.0
 Amazon.Lambda.CognitoEvents
 Amazon.Lambda.CognitoEvents
 AWS;Amazon;Lambda
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/ClaimsAndScopeOverrideDetails.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/ClaimsAndScopeOverrideDetails.cs
new file mode 100644
index 000000000..83b483e37
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/ClaimsAndScopeOverrideDetails.cs
@@ -0,0 +1,38 @@
+using System.Runtime.Serialization;
+
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ [DataContract]
+ public class ClaimsAndScopeOverrideDetails
+ {
+ ///
+ /// The claims that you want to override, add, or suppress in your user’s ID token.
+ ///
+ [DataMember(Name = "idTokenGeneration")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("idTokenGeneration")]
+# endif
+ public IdTokenGeneration IdTokenGeneration { get; set; } = new IdTokenGeneration();
+
+ ///
+ /// The claims and scopes that you want to override, add, or suppress in your user’s access token.
+ ///
+ [DataMember(Name = "accessTokenGeneration")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("accessTokenGeneration")]
+# endif
+ public AccessTokenGeneration AccessTokenGeneration { get; set; } = new AccessTokenGeneration();
+
+ ///
+ /// The output object containing the current group configuration. It includes groupsToOverride, iamRolesToOverride, and preferredRole.
+ ///
+ [DataMember(Name = "groupOverrideDetails")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("groupOverrideDetails")]
+# endif
+ public GroupConfiguration GroupOverrideDetails { get; set; } = new GroupConfiguration();
+ }
+}
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Event.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Event.cs
new file mode 100644
index 000000000..31eb7c791
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Event.cs
@@ -0,0 +1,9 @@
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ public class CognitoPreTokenGenerationV2Event : CognitoTriggerEvent
+ {
+ }
+}
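Review bot: `IdTokenGeneration`, `AccessTokenGeneration` and `GroupOverrideDetails` are all eagerly initialized in this hunk, so a handler that returns the event without touching the response serializes `groupOverrideDetails` with empty `groupsToOverride` and `iamRolesToOverride` lists rather than omitting the key. Nothing in this diff establishes whether Cognito treats that as "no override" or as clearing the user's group and role claims, and since those claims drive authorization downstream the answer is worth confirming against the linked documentation and recording on the property, e.g. `/// Initialized by default; confirm whether an empty override is a no-op before relying on the default.` The same eager-initialization pattern is used by `ClaimsAndScopeOverrideDetails` on `CognitoPreTokenGenerationV2Response`.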
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Request.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Request.cs
new file mode 100644
index 000000000..3ef60f7ed
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Request.cs
@@ -0,0 +1,38 @@
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ public class CognitoPreTokenGenerationV2Request : CognitoTriggerRequest
+ {
+ ///
+ /// The input object containing the current group configuration. It includes groupsToOverride, iamRolesToOverride, and preferredRole.
+ ///
+ [DataMember(Name = "groupConfiguration")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("groupConfiguration")]
+# endif
+ public GroupConfiguration GroupConfiguration { get; set; } = new GroupConfiguration();
+
+ ///
+ /// One or more key-value pairs that you can provide as custom input to the Lambda function that you specify for the pre sign-up trigger. You can pass this data to your Lambda function by using the ClientMetadata parameter in the following API actions: AdminVerifyUser, AdminRespondToAuthChallenge, ForgotPassword, and SignUp.
+ ///
+ [DataMember(Name = "clientMetadata")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("clientMetadata")]
+# endif
+ public Dictionary ClientMetadata { get; set; } = new Dictionary();
+
+ ///
+ /// A list that contains the OAuth 2.0 user scopes.
+ ///
+ [DataMember(Name = "scopes")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("scopes")]
+# endif
+ public List Scopes { get; set; } = new List();
+ }
+}
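Review bot: The `ClientMetadata` summary in this hunk is copied from the pre sign-up trigger ("the Lambda function that you specify for the pre sign-up trigger", with the AdminVerifyUser/AdminRespondToAuthChallenge/ForgotPassword/SignUp list), which does not describe this trigger; the text should name the pre token generation trigger and the API actions that carry client metadata to it, per the linked documentation. Separately, `CognitoPreTokenGenerationV2Request` here and `CognitoPreTokenGenerationV2Response` in the next hunk put `[DataMember(Name = ...)]` on their properties but, unlike `AccessTokenGeneration`, `IdTokenGeneration` and `ClaimsAndScopeOverrideDetails`, carry no `[DataContract]` on the class; whether the member names are honored without it depends on the serializer in use, so unless the omission is deliberate to match the base request/response types, adding `[DataContract]` keeps the new types consistent with each other.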
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Response.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Response.cs
new file mode 100644
index 000000000..981a1aa83
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Response.cs
@@ -0,0 +1,19 @@
+using System.Runtime.Serialization;
+
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ public class CognitoPreTokenGenerationV2Response : CognitoTriggerResponse
+ {
+ ///
+ /// A container for all elements in a V2_0 trigger event.
+ ///
+ [DataMember(Name = "claimsAndScopeOverrideDetails")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("claimsAndScopeOverrideDetails")]
+# endif
+ public ClaimsAndScopeOverrideDetails ClaimsAndScopeOverrideDetails { get; set; } = new ClaimsAndScopeOverrideDetails();
+ }
+}
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/IdTokenGeneration.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/IdTokenGeneration.cs
new file mode 100644
index 000000000..e4c516961
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/IdTokenGeneration.cs
@@ -0,0 +1,30 @@
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ [DataContract]
+ public class IdTokenGeneration
+ {
+ ///
+ /// A map of one or more key-value pairs of claims to add or override. For group related claims, use groupOverrideDetails instead.
+ ///
+ [DataMember(Name = "claimsToAddOrOverride")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("claimsToAddOrOverride")]
+# endif
+ public Dictionary ClaimsToAddOrOverride { get; set; } = new Dictionary();
+
+ ///
+ /// A list that contains claims to be suppressed from the identity token.
+ ///
+ [DataMember(Name = "claimsToSuppress")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("claimsToSuppress")]
+# endif
+ public List ClaimsToSuppress { get; set; } = new List();
+ }
+}
diff --git a/Libraries/test/EventsTests.Shared/EventTests.cs b/Libraries/test/EventsTests.Shared/EventTests.cs
index 54a9977a6..0139d2de2 100644
--- a/Libraries/test/EventsTests.Shared/EventTests.cs
+++ b/Libraries/test/EventsTests.Shared/EventTests.cs
@@ -1069,6 +1069,92 @@ public void CognitoPreTokenGenerationEventTest(Type serializerType)
 }
 }
+ [Theory]
+ [InlineData(typeof(JsonSerializer))]
+#if NETCOREAPP3_1_OR_GREATER
+ [InlineData(typeof(Amazon.Lambda.Serialization.SystemTextJson.LambdaJsonSerializer))]
+ [InlineData(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]
+#endif
+ public void CognitoPreTokenGenerationV2EventTest(Type serializerType)
+ {
+ var serializer = Activator.CreateInstance(serializerType) as ILambdaSerializer;
+ using (var fileStream = LoadJsonTestFile("cognito-pretokengenerationv2-event.json"))
+ {
+ var cognitoPreTokenGenerationV2Event = serializer.Deserialize(fileStream);
+
+ AssertBaseClass(cognitoPreTokenGenerationV2Event, eventVersion: "2");
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.GroupsToOverride.Count);
+ Assert.Equal("group1", cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.GroupsToOverride[0]);
+ Assert.Equal("group2", cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.GroupsToOverride[1]);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.IamRolesToOverride.Count);
+ Assert.Equal("role1", cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.IamRolesToOverride[0]);
+ Assert.Equal("role2", cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.IamRolesToOverride[1]);
+
+ Assert.Equal("role", cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.PreferredRole);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Request.ClientMetadata.Count);
+ Assert.Equal("metadata_1", cognitoPreTokenGenerationV2Event.Request.ClientMetadata.ToArray()[0].Key);
+ Assert.Equal("metadata_value_1", cognitoPreTokenGenerationV2Event.Request.ClientMetadata.ToArray()[0].Value);
+ Assert.Equal("metadata_2", cognitoPreTokenGenerationV2Event.Request.ClientMetadata.ToArray()[1].Key);
+ Assert.Equal("metadata_value_2", 
cognitoPreTokenGenerationV2Event.Request.ClientMetadata.ToArray()[1].Value);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Request.UserAttributes.Count);
+ Assert.Equal("attribute_1", cognitoPreTokenGenerationV2Event.Request.UserAttributes.ToArray()[0].Key);
+ Assert.Equal("attribute_value_1", cognitoPreTokenGenerationV2Event.Request.UserAttributes.ToArray()[0].Value);
+ Assert.Equal("attribute_2", cognitoPreTokenGenerationV2Event.Request.UserAttributes.ToArray()[1].Key);
+ Assert.Equal("attribute_value_2", cognitoPreTokenGenerationV2Event.Request.UserAttributes.ToArray()[1].Value);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Request.Scopes.Count);
+ Assert.Equal("scope_1", cognitoPreTokenGenerationV2Event.Request.Scopes.ToArray()[0]);
+ Assert.Equal("scope_2", cognitoPreTokenGenerationV2Event.Request.Scopes.ToArray()[1]);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToAddOrOverride.Count);
+ Assert.Equal("claim_1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToAddOrOverride.ToArray()[0].Key);
+ Assert.Equal("claim_1_value_1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToAddOrOverride.ToArray()[0].Value);
+ Assert.Equal("claim_2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToAddOrOverride.ToArray()[1].Key);
+ Assert.Equal("claim_1_value_2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToAddOrOverride.ToArray()[1].Value);
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToSuppress.Count);
+ Assert.Equal("suppress1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToSuppress[0]);
+ Assert.Equal("suppress2", 
cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToSuppress[1]);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToAddOrOverride.Count);
+ Assert.Equal("claim_1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToAddOrOverride.ToArray()[0].Key);
+ Assert.Equal("claim_1_value_1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToAddOrOverride.ToArray()[0].Value);
+ Assert.Equal("claim_2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToAddOrOverride.ToArray()[1].Key);
+ Assert.Equal("claim_1_value_2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToAddOrOverride.ToArray()[1].Value);
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToSuppress.Count);
+ Assert.Equal("suppress1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToSuppress[0]);
+ Assert.Equal("suppress2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToSuppress[1]);
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToAdd.Count);
+ Assert.Equal("add1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToAdd[0]);
+ Assert.Equal("add2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToAdd[1]);
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToSuppress.Count);
+ Assert.Equal("suppress1", 
cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToSuppress[0]);
+ Assert.Equal("suppress2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToSuppress[1]);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.GroupsToOverride.Count);
+ Assert.Equal("group1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.GroupsToOverride[0]);
+ Assert.Equal("group2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.GroupsToOverride[1]);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.IamRolesToOverride.Count);
+ Assert.Equal("role1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.IamRolesToOverride[0]);
+ Assert.Equal("role2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.IamRolesToOverride[1]);
+
+ Assert.Equal("role", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.PreferredRole);
+
+ MemoryStream ms = new MemoryStream();
+ serializer.Serialize(cognitoPreTokenGenerationV2Event, ms);
+ ms.Position = 0;
+ var json = new StreamReader(ms).ReadToEnd();
+
+ var original = JObject.Parse(File.ReadAllText("cognito-pretokengenerationv2-event.json"));
+ var serialized = JObject.Parse(json);
+ Assert.True(JToken.DeepEquals(serialized, original), "Serialized object is not the same as the original JSON");
+ }
+ }
+
+ [Theory]
+ [InlineData(typeof(JsonSerializer))]
+#if NETCOREAPP3_1_OR_GREATER
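Review bot: The dictionary assertions in `CognitoPreTokenGenerationV2EventTest` index into `.ToArray()` (for example `Assert.Equal("metadata_1", cognitoPreTokenGenerationV2Event.Request.ClientMetadata.ToArray()[0].Key);`), so they depend on the enumeration order of `Dictionary`, which is not part of its contract and may differ between serializers or runtimes. Keying the lookup instead, e.g. `Assert.Equal("metadata_value_1", cognitoPreTokenGenerationV2Event.Request.ClientMetadata["metadata_1"]);`, checks the same content without that dependency; the same applies to the `UserAttributes` block and to both `ClaimsToAddOrOverride` blocks. The `serializer` local is also produced with an `as` cast and then used without a null check, so an unexpected `serializerType` surfaces as a `NullReferenceException` rather than a clear test failure; `Assert.NotNull(serializer);` after the cast would make that explicit.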
@@ -1223,11 +1309,11 @@ public void CognitoCustomSmsSenderEventTest(Type serializerType)
 }
 }
- private static void AssertBaseClass(CognitoTriggerEvent cognitoTriggerEvent)
+ private static void AssertBaseClass(CognitoTriggerEvent cognitoTriggerEvent, string eventVersion = "1")
 where TRequest : CognitoTriggerRequest, new()
 where TResponse : CognitoTriggerResponse, new()
 {
- Assert.Equal("1", cognitoTriggerEvent.Version);
+ Assert.Equal(eventVersion, cognitoTriggerEvent.Version);
 Assert.Equal("us-east-1", cognitoTriggerEvent.Region);
 Assert.Equal("us-east-1_id", cognitoTriggerEvent.UserPoolId);
 Assert.Equal("username_uuid", cognitoTriggerEvent.UserName);
diff --git a/Libraries/test/EventsTests.Shared/EventsTests.Shared.projitems b/Libraries/test/EventsTests.Shared/EventsTests.Shared.projitems
index e34d37f62..50858a106 100644
--- a/Libraries/test/EventsTests.Shared/EventsTests.Shared.projitems
+++ b/Libraries/test/EventsTests.Shared/EventsTests.Shared.projitems
@@ -19,6 +19,7 @@
+
diff --git a/Libraries/test/EventsTests.Shared/cognito-pretokengenerationv2-event.json b/Libraries/test/EventsTests.Shared/cognito-pretokengenerationv2-event.json
new file mode 100644
index 000000000..947960cb6
--- /dev/null
+++ b/Libraries/test/EventsTests.Shared/cognito-pretokengenerationv2-event.json
@@ -0,0 +1,79 @@
+{
+ "version": "2",
+ "region": "us-east-1",
+ "userPoolId": "us-east-1_id",
+ "userName": "username_uuid",
+ "callerContext": {
+ "awsSdkVersion": "version",
+ "clientId": "client_id"
+ },
+ "triggerSource": "trigger_source",
+ "request": {
+ "userAttributes": {
+ "attribute_1": "attribute_value_1",
+ "attribute_2": "attribute_value_2"
+ },
+ "scopes": [
+ "scope_1",
+ "scope_2"
+ ],
+ "groupConfiguration": {
+ "groupsToOverride": [
+ "group1",
+ "group2"
+ ],
+ "iamRolesToOverride": [
+ "role1",
+ "role2"
+ ],
+ "preferredRole": "role"
+ },
+ "clientMetadata": {
+ "metadata_1": "metadata_value_1",
+ "metadata_2": "metadata_value_2"
+ }
+ },
+ "response": {
+ "claimsAndScopeOverrideDetails": {
+ "idTokenGeneration": {
+ "claimsToAddOrOverride": {
+ "claim_1": "claim_1_value_1",
+ "claim_2": "claim_1_value_2"
+ },
+ "claimsToSuppress": [
+ "suppress1",
+ "suppress2"
+ ]
+ },
+ "accessTokenGeneration": {
+ "claimsToAddOrOverride": {
+ "claim_1": "claim_1_value_1",
+ "claim_2": "claim_1_value_2"
+ },
+ "claimsToSuppress": [
+ "suppress1",
+ "suppress2"
+ ],
+ "scopesToAdd": [
+ "add1",
+ "add2"
+ ],
+ "scopesToSuppress": [
+ "suppress1",
+ "suppress2"
+ ]
+ },
+ "groupOverrideDetails": {
+ "groupsToOverride": [
+ "group1",
+ "group2"
+ ],
+ "iamRolesToOverride": [
+ "role1",
+ "role2"
+ ],
+ "preferredRole": "role"
+ }
+ }
+ }
+}
\ No newline at end of file