feat: support dev Okta JWT tokens

[ktwbc]

Description

Need to work locally with an Okta dev JWT instead of cognito. There was only one key difference that had to be implemented.

Motivation and Context

Local httpApi JWT validation was written around Cognito but would not work with a dev JWT token from Okta. The only key difference is scopes provided as an scp array instead of a scopes text string, so the changes were just related to that. It will use the scp array if provided, but falls back to original behavior otherwise.

In unit tests, I did put in a new authorizer in the serverless.yml also reflecting the different audience and a JWT Okta example showing some other differences like cid vs client_id but the authorizer already handles those differences.

How Has This Been Tested?

Tested with dev key on my own project using serverless-offline pointing to file:// per docs from my original project
Wrote a unit test with an Okta JWT token in the same format
Ran full existing test suites

Screenshots (if appropriate):

[ktwbc]

so I thought the unit test passed but I guess it didn't. I'm very confused because the feature works in real use, and I can log the output of createJWTAuthScheme.js using log.warning() and it builds the correct response converting scp into scopes:

{ credentials:
   { claims:
      { ver: 1,
        jti: 'AT.FMONSagvuix9mndLkk9VG5fxxxxxxxxsv8KcgZJU',
        iss: 'https://dev-12345555.okta.com/oauth2/default',
        aud: 'api://default',
        iat: 1716743614,
        exp: 1716747214,
        cid: '0oa6k6m4wnwyxxxxx',
        uid: '00u5w9j9a8oTbxxxx',
        scp: [ 'openid', 'profile', 'email' ],
        auth_time: 1716734304,
        sub: '[email protected]' },
     scopes: [ 'openid', 'profile', 'email' ] } }

yet the unit test says that scopes is missing on the response.

[ktwbc]

So it turns out that on createJWTAuthScheme the code that returns the scope entry ---

return h.authenticated({
          credentials: {
            claims,
            scopes, <------ ignored by calling function
          },
        })

doesn't actually do anything, the item passed back here are completely ignored. In fact, on my PR I commented out the variable as it made no difference on unit tests at all. That in itself may be a bug, but for the purposes of this PR, since the original code of testing scp works, and the test reflects that, I committed that version.

[DorianMazur]

Thank you @ktwbc. Some code was missing in LambdaProxyIntegrationEvent class. Now everything works as expected. I will merge it after running CI.