Update custom auth sample and readme to fully support signed authorizes

samples/mqtt/custom_authorizer_connect/README.md

@@ -35,12 +35,17 @@ Note that in a real application, you may want to avoid the use of wildcards in y
 
 </details>
 
+**Note** The sample also allows passing arguments to specify additional data your custom authorizer may need. The snippets below assume that the custom authorizer does not need these additional parameters, but in the general case, you will almost always need some of them depending on the authorizer's configuration and the associated Lambda function's internals.
+* `--custom_auth_username` - opaque string value passed to the authorizer via an MQTT Connect packet.  The authorizer's Lambda can check this value from the event JSON value it receives as input: `event.protocolData.mqtt.username`
+* `--custom_auth_password` - opaque binary value passed to the authorizer via an MQTT Connect packet.  The authorizer's Lambda can check this value from the event JSON value it receives as input: `event.protocolData.mqtt.password`
+* `--custom_auth_token_key_name` - (Signed authorizers only) The query string parameter name that the token value should be bound to in the MQTT Connect packet.
+* `--custom_auth_token_value` - (Signed authorizers only) An arbitrary value chosen by the user.  The user must also submit a digital signature of this value using the private key associated with the authorizer.
+* `--custom_auth_authorizer_signature` - (Signed authorizers only) a digital signature of the value of the `--custom_auth_token_value` parameter using the private key associated with the authorizer.  The binary signature value must be base64 encoded and then URI encoded; the SDK will not do this for you.
+
 # How to run
 
 To run the Custom Authorizer connect use the following command:
 
 ``` sh
 ./custom-authorizer-connect --endpoint <endpoint> --custom_auth_authorizer_name <authorizer name>
 ```
-
-**Note** The sample also allows passing additional arguments (`--custom_auth_username`, `--custom_auth_password`, and `custom_auth_authorizer_signature`) to fullfil the additional data your custom authorizer may need. The examples above assume that the custom authorizer does not need these additional parameters.

samples/mqtt/custom_authorizer_connect/main.cpp

@@ -32,7 +32,9 @@ int main(int argc, char *argv[])
         cmdData.input_customAuthUsername,
         cmdData.input_customAuthorizerName,
         cmdData.input_customAuthorizerSignature,
-        cmdData.input_customAuthPassword);
+        cmdData.input_customAuthPassword,
+        cmdData.input_customAuthTokenKeyName,
+        cmdData.input_customAuthTokenValue);
 
     // Create the MQTT connection from the MQTT builder
     auto clientConfig = clientConfigBuilder.Build();

samples/utils/CommandLineUtils.cpp

@@ -44,8 +44,8 @@ namespace Utils
     static const char *m_cmd_custom_auth_authorizer_name = "custom_auth_authorizer_name";
     static const char *m_cmd_custom_auth_authorizer_signature = "custom_auth_authorizer_signature";
     static const char *m_cmd_custom_auth_password = "custom_auth_password";
-    static const char *m_cmd_custom_auth_token_name = "custom_auth_token_name";
-    static const char *m_cmd_custom_token_value = "custom_auth_token_value";
+    static const char *m_cmd_custom_auth_token_key_name = "custom_auth_token_key_name";
+    static const char *m_cmd_custom_auth_token_value = "custom_auth_token_value";
     static const char *m_cmd_verbosity = "verbosity";
     static const char *m_cmd_log_file = "log_file";
     static const char *m_cmd_cognito_identity = "cognito_identity";
@@ -268,11 +268,23 @@ namespace Utils
         RegisterCommand(
             m_cmd_custom_auth_authorizer_signature,
             "<str>",
-            "The signature to send when connecting through a custom authorizer (optional)");
+            "(Signed authorizers only) a digital signature of the value of the `--custom_auth_token_value` parameter "
+            "using the private key associated with the authorizer.  The binary signature value must be base64 encoded "
+            "and then URI encoded; the SDK will not do this for you. (optional)");
         RegisterCommand(
             m_cmd_custom_auth_password,
             "<str>",
             "The password to send when connecting through a custom authorizer (optional)");
+        RegisterCommand(
+            m_cmd_custom_auth_token_key_name,
+            "<str>",
+            "(Signed authorizers only) The query string parameter name that the token value should be bound to in the "
+            "MQTT Connect packet. (optional)");
+        RegisterCommand(
+            m_cmd_custom_auth_token_value,
+            "<str>",
+            "(Signed authorizers only) An arbitrary value chosen by the user.  The user must also submit a digital "
+            "signature of this value using the private key associated with the authorizer. (optional)");
     }
 
     void CommandLineUtils::AddCognitoCommands()
@@ -624,8 +636,8 @@ namespace Utils
         returnData.input_customAuthorizerSignature =
             cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_authorizer_signature, "");
         returnData.input_customAuthPassword = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_password, "");
-        returnData.input_customTokenKeyName = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_token_name, "");
-        returnData.input_customTokenValue = cmdUtils.GetCommandOrDefault(m_cmd_custom_token_value, "");
+        returnData.input_customAuthTokenKeyName = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_token_key_name, "");
+        returnData.input_customAuthTokenValue = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_token_value, "");
 
         return returnData;
     }

samples/utils/CommandLineUtils.h

@@ -232,8 +232,8 @@ namespace Utils
         Aws::Crt::String input_customAuthorizerName;
         Aws::Crt::String input_customAuthorizerSignature;
         Aws::Crt::String input_customAuthPassword;
-        Aws::Crt::String input_customTokenKeyName;
-        Aws::Crt::String input_customTokenValue;
+        Aws::Crt::String input_customAuthTokenKeyName;
+        Aws::Crt::String input_customAuthTokenValue;
         // Fleet provisioning
         Aws::Crt::String input_templateName;
         Aws::Crt::String input_templateParameters;