Move and strengthen custom auth validity check

awslabs · Dec 13, 2023 · 8e41233 · 8e41233
1 parent 248ce26
commit 8e41233
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/lib/common/aws_iot_shared.ts b/lib/common/aws_iot_shared.ts
@@ -81,14 +81,19 @@ export function populate_username_string_with_custom_authorizer(
     if (is_string_and_not_empty(input_authorizer) && input_authorizer) {
         username_string = add_to_username_parameter(username_string, input_authorizer, "x-amz-customauthorizer-name=");
     }
-    if (is_string_and_not_empty(input_signature) && input_signature) {
-        username_string = add_to_username_parameter(username_string, input_signature, "x-amz-customauthorizer-signature=");
-    }
 
     if (is_string_and_not_empty(input_signature) || is_string_and_not_empty(input_token_value) || is_string_and_not_empty(input_token_key_name)) {
-        if (!input_token_value || !input_token_key_name) {
+        if (!input_token_value || !input_token_key_name || !input_signature) {
             throw new Error("Signing-based custom authentication requires all token-related properties to be set");
         }
+    }
+
+    if (is_string_and_not_empty(input_signature) && input_signature) {
+        username_string = add_to_username_parameter(username_string, input_signature, "x-amz-customauthorizer-signature=");
+    }
+
+    if (is_string_and_not_empty(input_token_value) && is_string_and_not_empty(input_token_key_name)) {
+        // @ts-ignore
         username_string = add_to_username_parameter(username_string, input_token_value, input_token_key_name + "=");
     }