chore: add swagger example

Author: rubenfonseca

examples/event_handler_rest/sam/swagger_ui_oauth2_template.yaml

@@ -18,11 +18,67 @@ Resources:
   HelloWorldFunction:
     Type: AWS::Serverless::Function
     Properties:
-      CodeUri: hello_world/
+      CodeUri: ../src
       Handler: swagger_ui_oauth2.lambda_handler
+      Environment:
+        Variables:
+          COGNITO_USER_POOL_DOMAIN: !Ref UserPoolDomain
       Events:
         AnyApiEvent:
           Type: Api
           Properties:
             Path: /{proxy+} # Send requests on any path to the lambda function
             Method: ANY # Send requests using any http method to the lambda function
+
+  CognitoUserPool:
+    Type: AWS::Cognito::UserPool
+    Properties:
+      UserPoolName: PowertoolsUserPool
+      Policies:
+        PasswordPolicy:
+          MinimumLength: 8
+          RequireLowercase: true
+          RequireNumbers: true
+          RequireSymbols: true
+          RequireUppercase: true
+
+  CognitoUserPoolClient:
+    Type: AWS::Cognito::UserPoolClient
+    Properties:
+      ClientName: PowertoolsClient
+      UserPoolId: !Ref CognitoUserPool
+      GenerateSecret: true
+      RefreshTokenValidity: 30
+      ExplicitAuthFlows:
+        - ALLOW_USER_PASSWORD_AUTH
+        - ALLOW_REFRESH_TOKEN_AUTH
+      SupportedIdentityProviders:
+        - COGNITO
+      CallbackURLs:
+        # NOTE: for this to work, your OAuth2 redirect url needs to precisely follow this format:
+        # https://<your_api_id>.execute-api.<region>.amazonaws.com/<stage>/swagger?format=oauth2-redirect
+        - !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/${ServerlessRestApi.Stage}/swagger?format=oauth2-redirect"
+      AllowedOAuthFlows:
+        - code
+      AllowedOAuthScopes:
+        - openid
+        - email
+        - profile
+        - aws.cognito.signin.user.admin
+      AllowedOAuthFlowsUserPoolClient: true
+
+  UserPoolDomain:
+    Type: AWS::Cognito::UserPoolDomain
+    Properties:
+      Domain: powertools-swagger-oauth2
+      UserPoolId: !Ref CognitoUserPool
+
+Outputs:
+  HelloWorldApiUrl:
+    Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/${ServerlessRestApi.Stage}/swagger"
+
+  CognitoOAuthClientId:
+    Value: !GetAtt CognitoUserPoolClient.ClientId
+
+  CognitoDomain:
+    Value: !Ref UserPoolDomain

examples/event_handler_rest/src/swagger_ui_oauth2.py

@@ -1,3 +1,5 @@
+import os
+
 from aws_lambda_powertools import Logger, Tracer
 from aws_lambda_powertools.event_handler import (
     APIGatewayRestResolver,
@@ -13,24 +15,20 @@
 tracer = Tracer()
 logger = Logger()
 
-oauth2 = OAuth2Config(
-    client_id="your_oauth2_client_id",
-    client_secret="your_oauth2_secret",
-    app_name="OAuth2 Test",
-)
+region = os.getenv("AWS_REGION")
+cognito_domain = os.getenv("COGNITO_USER_POOL_DOMAIN")
 
 app = APIGatewayRestResolver(enable_validation=True)
-
-# NOTE: for this to work, your OAuth2 redirect url needs to precisely follow this format:
-# https://<your_api_id>.execute-api.<region>.amazonaws.com/<stage>/swagger?format=oauth2-redirect
 app.enable_swagger(
-    oauth2_config=oauth2,
+    # NOTE: for this to work, your OAuth2 redirect url needs to precisely follow this format:
+    # https://<your_api_id>.execute-api.<region>.amazonaws.com/<stage>/swagger?format=oauth2-redirect
+    oauth2_config=OAuth2Config(app_name="OAuth2 Test"),
     security_schemes={
         "oauth": OAuth2(
             flows=OAuthFlows(
                 authorizationCode=OAuthFlowAuthorizationCode(
-                    authorizationUrl="https://your-cognito-domain.eu-central-1.amazoncognito.com/oauth2/authorize",
-                    tokenUrl="https://your-cognito-domain.eu-central-1.amazoncognito.com/oauth2/token",
+                    authorizationUrl=f"https://{cognito_domain}.auth.{region}.amazoncognito.com/oauth2/authorize",
+                    tokenUrl=f"https://{cognito_domain}.auth.{region}.amazoncognito.com/oauth2/token",
                 ),
             ),
         ),