Cognito with API gateway integration

we are using Cognito user pool for the API gateway but somehow it shows below error

{"message":"Unauthorized"}

we are using token ID which works fine in test with API gateway but in case of URL call back it says {"message":"Unauthorized"}.

[Authorizers][1]

we have no idea what we are missing here

Thanks Siddharth Maheshwari

fouad
un anno fa
Porbably you facing the same issue https://repost.aws/questions/QUzf0Jka7rTHi4AkZ4G8YmzA#AN7qxwmkUUQFKVQIrmhV4Edg

Argomenti

Serverless Computazionali Front-end web e dispositivi mobili Networking e distribuzione di contenuti Sicurezza, identità e conformità

Tag

Serverless AWS Lambda Gateway API di Amazon AWS Amplify Amazon Cognito

Lingua

English

upon cloud

posta 2 anni fa938 visualizzazioni

3 Risposte

Più recenti
Maggior numero di voti
Maggior numero di commenti

Did you add the token to the Authorization header with a "Bearer " prefix? If you did, I suggest that you enable execution logs on the API and check why it is failing.

ESPERTO

Uri

con risposta 2 anni fa

upon cloud
2 anni fa
Hi

we are getting a below URL after Cognito signing

https://o0gv1hfg9i.execute-api.us-east-1.amazonaws.com/test/myresource#id_token=xxxxx&access_token=yyyyy&expires_in=3600&token_type=Bearer

and output is {"message":"Unauthorized"}

please advise if this is correct
Uri ESPERTO
2 anni fa
This is not correct. The token should be added to the Authorization header like this: Authorization: Bearer id_token (or maybe the access token)
upon cloud
2 anni fa
Hi

Below is our Cognito URL which provides us sign in page

https://yyyyy.auth.us-east-1.amazoncognito.com/login?client_id=xxxx&response_type=token&scope=openid&redirect_uri=https%3A%2F%2Fo0gv1hfg9i.execute-api.us-east-1.amazonaws.com%2Ftest%2Fmyresource

the output of the above URL is below the URL

https://o0gv1hfg9i.execute-api.us-east-1.amazonaws.com/test/myresource#id_token=xxxxx&access_token=yyyyy&expires_in=3600&token_type=Bearer

we are not changing anything here

please advise

Thanks

Please take a look at this page - https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html

Are you sending an identity token or an access token in the Authorization header in the request to API Gateway?

If you are sending the access token, you need to specify OAuth Scopes? Can you check if you have configured that in the API Gateway methods where you are enabling Cognito User Pools based authentication?

ESPERTO

Indranil Banerjee AWS

con risposta 2 anni fa

upon cloud
2 anni fa
HI

We are sending an identity token. below are the details

Cognito URL which provides us sign in page

https://yyyyy.auth.us-east-1.amazoncognito.com/login?client_id=xxxx&response_type=token&scope=openid&redirect_uri=https%3A%2F%2Fo0gv1hfg9i.execute-api.us-east-1.amazonaws.com%2Ftest%2Fmyresource

the output of the above URL is below the URL

https://o0gv1hfg9i.execute-api.us-east-1.amazonaws.com/test/myresource#id_token=xxxxx&access_token=yyyyy&expires_in=3600&token_type=Bearer

we have configured that in the API Gateway methods with Cognito User Pools-based authentication. below are details

MyAuthorizer Authorizer ID: m9a1oe Cognito User Pool MyFirstUserPool - TpeUcTTj1 (us-east-1) Token Source Authorizaton

Token Validation

please advise

Thanks
Indranil Banerjee AWS ESPERTO
2 anni fa
Once the user signs in to the Cognito login page, the front-end application needs to include the generated token either identity or access token in the header of the API call to API Gateway using the header Authorization, as Uri explained. Are you doing that?

We have a good hands-on workshop that gives you a good feel of how you can make Cognito work with API Gateway - https://auth.serverlessworkshops.io/setup.html

we have tried all possible ways, but are still struggling to fix it.

please advise some solution

Thanks Siddharth Maheshwari

upon cloud

con risposta un anno fa

Contenuto pertinente

Come posso risolvere gli errori "Unable to verify secret hash for client<client-id>" ricevuti dall'API dei pool di utenti in Amazon Cognito?
AWS UFFICIALEAggiornata 3 anni fa
Come posso configurare un pool di utenti Amazon Cognito come autorizzatore su un'API REST di API Gateway?
AWS UFFICIALEAggiornata 3 anni fa
Come posso risolvere gli errori "401 Unauthorized" da un endpoint REST API di API Gateway dopo aver configurato un pool di utenti Amazon Cognito?
AWS UFFICIALEAggiornata 2 anni fa
Come si autorizza l'accesso alle API Gateway utilizzando gli ambiti personalizzati in Amazon Cognito?
AWS UFFICIALEAggiornata un anno fa

Cognito with API gateway integration

Token Validation

Contenuto pertinente