From 2eb717ce0680c5afe518456d10735af9572abd4a Mon Sep 17 00:00:00 2001
From: Mike Friesen <mfriesen@gmail.com>
Date: Thu, 5 Oct 2023 20:06:23 -0500
Subject: [PATCH] update

---
 .../lambda/ApiAuthorizationBuilder.java       |  5 ++++-
 .../lambda/ApiAuthorizationBuilderTest.java   | 20 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/fkq-lambda-core/src/main/java/com/formkiq/aws/services/lambda/ApiAuthorizationBuilder.java b/fkq-lambda-core/src/main/java/com/formkiq/aws/services/lambda/ApiAuthorizationBuilder.java
index 750f50d29..a7a6c4aa4 100644
--- a/fkq-lambda-core/src/main/java/com/formkiq/aws/services/lambda/ApiAuthorizationBuilder.java
+++ b/fkq-lambda-core/src/main/java/com/formkiq/aws/services/lambda/ApiAuthorizationBuilder.java
@@ -335,7 +335,10 @@ private Collection<String> loadJwtGroups(final ApiGatewayRequestEvent event) {
       }
     }
 
-    groups.remove("authentication_only");
+    if (groups.contains("authentication_only")) {
+      groups.clear();
+    }
+
     return groups;
   }
 }
diff --git a/fkq-lambda-core/src/test/java/com/formkiq/aws/services/lambda/ApiAuthorizationBuilderTest.java b/fkq-lambda-core/src/test/java/com/formkiq/aws/services/lambda/ApiAuthorizationBuilderTest.java
index 53b539217..40e2d594a 100644
--- a/fkq-lambda-core/src/test/java/com/formkiq/aws/services/lambda/ApiAuthorizationBuilderTest.java
+++ b/fkq-lambda-core/src/test/java/com/formkiq/aws/services/lambda/ApiAuthorizationBuilderTest.java
@@ -419,4 +419,24 @@ void testApiAuthorizer12() throws Exception {
         api0.permissions().stream().map(p -> p.name()).collect(Collectors.joining(",")));
     assertEquals("no groups", api0.accessSummary());
   }
+  
+  /**
+   * Basic 'authentication_only' access.
+   */
+  @Test
+  void testApiAuthorizer13() throws Exception {
+    // given
+    String s0 = "[finance authentication_only]";
+    ApiGatewayRequestEvent event0 = getJwtEvent(s0);
+
+    // when
+    ApiAuthorization api0 = new ApiAuthorizationBuilder().build(event0);
+
+    // then
+    assertNull(api0.siteId());
+    assertEquals("", String.join(",", api0.siteIds()));
+    assertEquals("",
+        api0.permissions().stream().map(p -> p.name()).collect(Collectors.joining(",")));
+    assertEquals("no groups", api0.accessSummary());
+  }
 }