- 新しい順
- 投票が多い順
- コメントが多い順
When you define app client settings in your pool you can define which scopes the client will be allowed. The scopes you defined for your resources should appear under "Allowed Custom Scopes". In that case the clients will have not access to more scopes than what you defined. They could ask for it, but they will not get it.
There is also this article published in knowledge center that explains the process better end-to-end https://aws.amazon.com/premiumsupport/knowledge-center/cognito-custom-scopes-api-gateway/
Hi Farzan,
You could do what you want using Cognito user pools by defining app clients, Resource servers and scopes. You can then secure your apis in AWS API Gateway using CognitoUserPoolAuthorizer and previously defined scopes on resource methods.
Check https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html and https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
Thanks for your help.
But I think in that case my clients can ask for any scopes they want and I'm not able to control whether the requested scopes are accessible for them or not.
関連するコンテンツ
- AWS公式更新しました 3年前
- AWS公式更新しました 10ヶ月前
- AWS公式更新しました 2年前