apigw certificate bound access token example added #2546

Open
wants to merge 1 commit into
base: main


@kbdraai kbdraai commented Dec 18, 2024

Issue #, if available:

Description of changes:
Added certificate bound access token support using API Gateway and Cognito. Provided through a SAM template.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Contributor

ellisms commented Jan 16, 2025

@kbdraai I started testing this, but the Lambda Authorizer function fails with the following error:

[ERROR] Runtime.ImportModuleError: Unable to import module 'handlers.authorizer': PyO3 modules compiled for CPython 3.8 or older may only be initialized once per interpreter process
Traceback (most recent call last):

Author

kbdraai commented Jan 17, 2025

@ellisms Thanks for looking at this.

Did you run a sam build with use_container=true?
I ran through it again and it works for me. The issue seems to be with the build phase, as it seems that it was built with Python 3.8 modules.

Can you elaborate on the process you followed?
The OS?
Did you fill in the complete samconfig.toml file with the values required?

Contributor

ellisms commented Jan 17, 2025

@kbdraai --use-container resolves the build issue. The authorizer does run, but encounters the following error:

[ERROR]	2025-01-17T12:57:25.240Z	a7d3911a-9ba5-431e-b033-e61187dc635a	Traceback (most recent call last):
  File "/opt/python/jose/jws.py", line 176, in _load
    signing_input, crypto_segment = jwt.rsplit(b".", 1)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: not enough values to unpack (expected 2, got 1)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/python/jose/jwt.py", line 183, in get_unverified_header
    headers = jws.get_unverified_headers(token)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/python/jose/jws.py", line 109, in get_unverified_headers
    return get_unverified_header(token)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/python/jose/jws.py", line 90, in get_unverified_header
    header, claims, signing_input, signature = _load(token)
                                               ^^^^^^^^^^^^
  File "/opt/python/jose/jws.py", line 180, in _load
    raise JWSError("Not enough segments")
jose.exceptions.JWSError: Not enough segments

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/task/handlers/authorizer.py", line 36, in lambda_handler
    verified_claims = verify_jwt(token)
                      ^^^^^^^^^^^^^^^^^
  File "/var/task/handlers/authorizer.py", line 66, in verify_jwt
    headers = jwt.get_unverified_headers(token)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/python/jose/jwt.py", line 205, in get_unverified_headers
    return get_unverified_header(token)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/python/jose/jwt.py", line 185, in get_unverified_header
    raise JWTError("Error decoding token headers.")
jose.exceptions.JWTError: Error decoding token headers.
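
The first frame of the traceback above shows `jwt.rsplit(b".", 1)` yielding a single element, so the value handed to `get_unverified_headers` contained no `.` separator at all. The following is an added example, not code from this pull request, of an authorizer-side pre-check that rejects such values before they reach the JWT library and then compares a certificate thumbprint against already-verified claims. The function names and the RFC 8705 `cnf` / `x5t#S256` claim layout are assumptions, since the PR's `authorizer.py` is not shown on this page.

```python
import base64, hashlib, hmac, json, ssl

def b64url_decode(segment):
    # JWS segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def extract_compact_jws(header_value):
    """Return the bare token from an Authorization value, or None if malformed."""
    if not isinstance(header_value, str):
        return None
    parts = header_value.split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        parts = parts[1:]
    if len(parts) != 1:
        return None
    segments = parts[0].split(".")
    if len(segments) != 3 or not all(segments):
        return None  # covers the traceback's case: a value with no "." in it
    try:
        header = json.loads(b64url_decode(segments[0]))
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from it
        return None
    return parts[0] if isinstance(header, dict) and "alg" in header else None

def cert_thumbprint(pem):
    """x5t#S256 per RFC 8705: unpadded base64url SHA-256 of the DER certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return base64.urlsafe_b64encode(hashlib.sha256(der).digest()).rstrip(b"=").decode()

def is_bound_to(verified_claims, client_cert_pem):
    """True only if already-verified claims carry this certificate's thumbprint."""
    cnf = verified_claims.get("cnf")  # assumed claim name (RFC 8705 layout)
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str):
        return False
    try:
        actual = cert_thumbprint(client_cert_pem)
        return hmac.compare_digest(expected.encode(), actual.encode())
    except (ValueError, TypeError, AttributeError):
        return False  # unparsable PEM or claim value: fail closed

# Constructed sample data: the "certificate" body is arbitrary bytes, not real X.509.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed sample bytes").decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(extract_compact_jws("Bearer not-a-jwt"))
    print(is_bound_to({"cnf": {"x5t#S256": cert_thumbprint(SAMPLE_PEM)}}, SAMPLE_PEM))
```

A handler using this pre-check would return a deny decision whenever `extract_compact_jws` returns `None`, and call `is_bound_to` only on claims whose signature has already been verified.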

4 participants