Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Authenticate AWS Gateway request against Cognito user pool using the acces token instead of the id token?

0

Hi!

I'm building a new API using AWS Gateway, and I need to authenticate the requests agains my already working Cognito user pool using the acess token instead of the id token, but I did not manage to do it even changing the scopes of the methods in the gateway.

I read that is not very secure to send back to the frontend the id token instead of the access token to do the requests. So we are using the access token to do the request to my already existing API (That is not built with AWS Gateway).

How can I make the AWS Gateway work with the access token instead of the id token when the frontend send a request to this new API I need?

Thank you guys!

Temas
Sin servidorWeb y móvil front-endRedes y entrega de contenidoSeguridad, identidad y cumplimientoAWS Well-Architected Framework
Etiquetas
Amazon API GatewayAmazon CognitoSeguridadAPI de soporte
Idioma
English
cao95
preguntada hace 4 meses182 visualizaciones
1 Respuesta
0
Respuesta aceptada

Hi,

Please refer the link below on how to configure an API Gateway to work with cognito access tokens: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html

Also, there is a related article on the knowledge centre which may also be helpful.

https://repost.aws/knowledge-center/cognito-custom-scopes-api-gateway

Thanks, Rama

profile pictureAWS
Rama
respondido hace 4 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante