Cognito with API gateway integration

we are using Cognito user pool for the API gateway but somehow it shows below error

{"message":"Unauthorized"}

we are using token ID which works fine in test with API gateway but in case of URL call back it says {"message":"Unauthorized"}.

[Authorizers][1]

we have no idea what we are missing here

Thanks Siddharth Maheshwari

fouad
il y a un an
Porbably you facing the same issue https://repost.aws/questions/QUzf0Jka7rTHi4AkZ4G8YmzA#AN7qxwmkUUQFKVQIrmhV4Edg

Sujets

Sans serveur Calcul Web et mobile front-end Réseaux et diffusion de contenu Sécurité, identité et conformité

Balises

Sans serveur AWS Lambda Passerelle API Amazon AWS Amplify Amazon Cognito

Langue

English

upon cloud

demandé il y a 2 ans938 vues

3 réponses

Le plus récent
Le plus de votes
La plupart des commentaires

Did you add the token to the Authorization header with a "Bearer " prefix? If you did, I suggest that you enable execution logs on the API and check why it is failing.

EXPERT

Uri

répondu il y a 2 ans

upon cloud
il y a 2 ans
Hi

we are getting a below URL after Cognito signing

https://o0gv1hfg9i.execute-api.us-east-1.amazonaws.com/test/myresource#id_token=xxxxx&access_token=yyyyy&expires_in=3600&token_type=Bearer

and output is {"message":"Unauthorized"}

please advise if this is correct
Uri EXPERT
il y a 2 ans
This is not correct. The token should be added to the Authorization header like this: Authorization: Bearer id_token (or maybe the access token)
upon cloud
il y a 2 ans
Hi

Below is our Cognito URL which provides us sign in page

https://yyyyy.auth.us-east-1.amazoncognito.com/login?client_id=xxxx&response_type=token&scope=openid&redirect_uri=https%3A%2F%2Fo0gv1hfg9i.execute-api.us-east-1.amazonaws.com%2Ftest%2Fmyresource

the output of the above URL is below the URL

https://o0gv1hfg9i.execute-api.us-east-1.amazonaws.com/test/myresource#id_token=xxxxx&access_token=yyyyy&expires_in=3600&token_type=Bearer

we are not changing anything here

please advise

Thanks

Please take a look at this page - https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html

Are you sending an identity token or an access token in the Authorization header in the request to API Gateway?

If you are sending the access token, you need to specify OAuth Scopes? Can you check if you have configured that in the API Gateway methods where you are enabling Cognito User Pools based authentication?

EXPERT

Indranil Banerjee AWS

répondu il y a 2 ans

upon cloud
il y a 2 ans
HI

We are sending an identity token. below are the details

Cognito URL which provides us sign in page

https://yyyyy.auth.us-east-1.amazoncognito.com/login?client_id=xxxx&response_type=token&scope=openid&redirect_uri=https%3A%2F%2Fo0gv1hfg9i.execute-api.us-east-1.amazonaws.com%2Ftest%2Fmyresource

the output of the above URL is below the URL

https://o0gv1hfg9i.execute-api.us-east-1.amazonaws.com/test/myresource#id_token=xxxxx&access_token=yyyyy&expires_in=3600&token_type=Bearer

we have configured that in the API Gateway methods with Cognito User Pools-based authentication. below are details

MyAuthorizer Authorizer ID: m9a1oe Cognito User Pool MyFirstUserPool - TpeUcTTj1 (us-east-1) Token Source Authorizaton

Token Validation

please advise

Thanks
Indranil Banerjee AWS EXPERT
il y a 2 ans
Once the user signs in to the Cognito login page, the front-end application needs to include the generated token either identity or access token in the header of the API call to API Gateway using the header Authorization, as Uri explained. Are you doing that?

We have a good hands-on workshop that gives you a good feel of how you can make Cognito work with API Gateway - https://auth.serverlessworkshops.io/setup.html

we have tried all possible ways, but are still struggling to fix it.

please advise some solution

Thanks Siddharth Maheshwari

upon cloud

répondu il y a un an

Contenus pertinents

elastic disaster recovery - Authenticate with service
Réponse acceptée
rePost-User-5960561
demandé il y a un an
LIghstail Instance in suspens
rePost-User-6587585
demandé il y a un an
Choix outils AWS worker haute charge
Benjamin BENOIT
demandé il y a un an
error 403 / cloud front
nico-HPF
demandé il y a un mois
Comment configurer un groupe d'utilisateurs Amazon Cognito en tant qu'autorisateur sur une API REST d'API Gateway ?
AWS OFFICIELA mis à jour il y a 3 ans
Comment autoriser l'accès aux API de la passerelle d’API à l'aide d'étendues personnalisées dans Amazon Cognito ?
AWS OFFICIELA mis à jour il y a un an
Comment autoriser les utilisateurs de l’API REST API Gateway à exécuter Lambda en utilisant le rôle d’exécution d’un groupe d’utilisateurs Amazon Cognito ?
AWS OFFICIELA mis à jour il y a un an
Comment résoudre les erreurs « 401 Non autorisé » d'un point de terminaison API REST API Gateway après avoir configuré un groupe d'utilisateurs Amazon Cognito ?
AWS OFFICIELA mis à jour il y a 2 ans

Cognito with API gateway integration

Token Validation

Contenus pertinents