From 2ef9d2e41fda5f43f7a848fb93c892e566455f8f Mon Sep 17 00:00:00 2001 From: tsushanth <78000697+tsushanth@users.noreply.github.com> Date: Wed, 1 Jul 2026 06:59:52 -0700 Subject: [PATCH] fix(apis): use rule name instead of composite name in OIDC resource identifier _oidc_to_resource was using b.name (the composite "{rule_name}-{api_name}" key used internally by _create_resource for deduplication) as the ResourceIdentifier.name. The security scheme is declared under this composite name, but route security definitions reference the original options.name ("cognito-auth-rule"), so API Gateway receives an OpenAPI spec with a security reference that doesn't match any scheme in securitySchemes and silently ignores the JWT authorizer. b.rule_name (= options.name) is already stored on OidcSecurityDefinition for this purpose; use it in the ResourceIdentifier so the declared scheme name matches what routes reference. Fixes nitrictech/nitric#919 --- nitric/resources/apis.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nitric/resources/apis.py b/nitric/resources/apis.py index ea40b4b..7a22aa3 100644 --- a/nitric/resources/apis.py +++ b/nitric/resources/apis.py @@ -548,7 +548,7 @@ def __init__(self, name: str, issuer: str, audiences: List[str], scopes: List[st def _oidc_to_resource(b: OidcSecurityDefinition) -> ResourceIdentifier: """Generate a resource identifier for an OIDC security definition.""" - return ResourceIdentifier(name=b.name, type=ResourceType.ApiSecurityDefinition) + return ResourceIdentifier(name=b.rule_name, type=ResourceType.ApiSecurityDefinition) class OidcSecurityDefinition(BaseResource):