Bug: RequestContextV2AuthorizerJwt requires scopes

[smittnacht]

Expected Behaviour

I'm using the RequestContextV2 Model for parsing the event payload within a AWS Lambda function called by an AWS API Gateway. The API Gateway is configured to allow only authenticated requests with a valid JWT Token. The token is generated by our self-hosted GitLab instance with the help of the https://docs.gitlab.com/ee/ci/yaml/#id_tokens keyword.

The token itself has no scopes and it's not possible to configure any. The API Gateway is configured without any scope requirements which is a valid configuration according to AWS docs.

Current Behaviour

Right now this configuration is not supported by the RequestContextV2AuthorizerJwt Model as it requires that a scopes field is present in the object. The validation fails and an exception is thrown

[ERROR] ValidationError: 1 validation error for APIGatewayProxyEventV2Model
requestContext.authorizer.jwt.scopes
Input should be a valid list [type=list_type, input_value=None, input_type=NoneType]
For further information visit https://errors.pydantic.dev/2.1/v/list_type
Traceback (most recent call last):
  File "/opt/python/lib/python3.10/site-packages/aws_lambda_powertools/middleware_factory/factory.py", line 135, in wrapper
    response = middleware()
  File "/opt/python/lib/python3.10/site-packages/aws_lambda_powertools/utilities/parser/parser.py", line 83, in event_parser
    parsed_event = parse(event=event, model=model, envelope=envelope) if envelope else parse(event=event, model=model)
  File "/opt/python/lib/python3.10/site-packages/aws_lambda_powertools/utilities/parser/parser.py", line 155, in parse
    return envelope().parse(data=event, model=model)
  File "/opt/python/lib/python3.10/site-packages/aws_lambda_powertools/utilities/parser/envelopes/apigwv2.py", line 30, in parse
    parsed_envelope: APIGatewayProxyEventV2Model = APIGatewayProxyEventV2Model.parse_obj(data)
  File "/opt/python/lib/python3.10/site-packages/typing_extensions.py", line 2562, in wrapper
    return __arg(*args, **kwargs)
  File "/opt/python/lib/python3.10/site-packages/pydantic/main.py", line 961, in parse_obj
    return cls.model_validate(obj)
  File "/opt/python/lib/python3.10/site-packages/pydantic/main.py", line 496, in model_validate
    return cls.pydantic_validator.validate_python(

Code snippet

@event_parser(model=Pipeline, envelope=envelopes.ApiGatewayV2Envelope)
def lambda_handler(event: Pipeline, context: LambdaContext):
  pass

Possible Solution

develop...smittnacht:powertools-lambda-python:jwt-scopes-as-optional

Steps to Reproduce

Create an AWS API Gateway with JWT Authorizer and with a Lambda Function integration. Don't configure any required scopes. Send an authenticated request to the endpoint without any scopes defined.

Powertools for AWS Lambda (Python) version

latest

AWS Lambda function runtime

3.10

Packaging format used

Lambda Layers

Debugging logs

No response

[boring-cyborg]

Thanks for opening your first issue here! We'll come back to you as soon as we can.
In the meantime, check out the #python channel on our Powertools for AWS Lambda Discord: Invite link

[leandrodamascena]

Hi @smittnacht! Thank you for opening this issue; I can confirm it is a bug. Scope field should not be mandatory in this case.

We plan to release a version on Thursday/Friday, but here in Powertools we strive to fix bugs ASAP! Please let me know if you can wait until Friday to fix this OR we can release a patch tomorrow.

[smittnacht]

Hi @leandrodamascena
Thank you for confirming this bug. A fix within this week will be absolutely fine. I've created a fork in order to continue my work.