Cognito with API gateway integration

we are using Cognito user pool for the API gateway but somehow it shows below error

{"message":"Unauthorized"}

we are using token ID which works fine in test with API gateway but in case of URL call back it says {"message":"Unauthorized"}.

[Authorizers][1]

we have no idea what we are missing here

Thanks Siddharth Maheshwari

fouad
일 년 전
Porbably you facing the same issue https://repost.aws/questions/QUzf0Jka7rTHi4AkZ4G8YmzA#AN7qxwmkUUQFKVQIrmhV4Edg

주제

서버리스 컴퓨팅 프론트엔드 웹 및 모바일 네트워킹 및 콘텐츠 전송 보안, 신원 및 규정 준수

태그

서버리스 AWS Lambda 아마존 API 게이트웨이 AWS Amplify 아마존 Cognito

언어

English

upon cloud

질문됨 2년 전938회 조회

3개 답변

최신
최다 투표
가장 많은 댓글

Did you add the token to the Authorization header with a "Bearer " prefix? If you did, I suggest that you enable execution logs on the API and check why it is failing.

전문가

Uri

답변함 2년 전

upon cloud
2년 전
Hi

we are getting a below URL after Cognito signing

https://o0gv1hfg9i.execute-api.us-east-1.amazonaws.com/test/myresource#id_token=xxxxx&access_token=yyyyy&expires_in=3600&token_type=Bearer

and output is {"message":"Unauthorized"}

please advise if this is correct
Uri 전문가
2년 전
This is not correct. The token should be added to the Authorization header like this: Authorization: Bearer id_token (or maybe the access token)
upon cloud
2년 전
Hi

Below is our Cognito URL which provides us sign in page

https://yyyyy.auth.us-east-1.amazoncognito.com/login?client_id=xxxx&response_type=token&scope=openid&redirect_uri=https%3A%2F%2Fo0gv1hfg9i.execute-api.us-east-1.amazonaws.com%2Ftest%2Fmyresource

the output of the above URL is below the URL

https://o0gv1hfg9i.execute-api.us-east-1.amazonaws.com/test/myresource#id_token=xxxxx&access_token=yyyyy&expires_in=3600&token_type=Bearer

we are not changing anything here

please advise

Thanks

Please take a look at this page - https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html

Are you sending an identity token or an access token in the Authorization header in the request to API Gateway?

If you are sending the access token, you need to specify OAuth Scopes? Can you check if you have configured that in the API Gateway methods where you are enabling Cognito User Pools based authentication?

전문가

Indranil Banerjee AWS

답변함 2년 전

upon cloud
2년 전
HI

We are sending an identity token. below are the details

Cognito URL which provides us sign in page

https://yyyyy.auth.us-east-1.amazoncognito.com/login?client_id=xxxx&response_type=token&scope=openid&redirect_uri=https%3A%2F%2Fo0gv1hfg9i.execute-api.us-east-1.amazonaws.com%2Ftest%2Fmyresource

the output of the above URL is below the URL

https://o0gv1hfg9i.execute-api.us-east-1.amazonaws.com/test/myresource#id_token=xxxxx&access_token=yyyyy&expires_in=3600&token_type=Bearer

we have configured that in the API Gateway methods with Cognito User Pools-based authentication. below are details

MyAuthorizer Authorizer ID: m9a1oe Cognito User Pool MyFirstUserPool - TpeUcTTj1 (us-east-1) Token Source Authorizaton

Token Validation

please advise

Thanks
Indranil Banerjee AWS 전문가
2년 전
Once the user signs in to the Cognito login page, the front-end application needs to include the generated token either identity or access token in the header of the API call to API Gateway using the header Authorization, as Uri explained. Are you doing that?

We have a good hands-on workshop that gives you a good feel of how you can make Cognito work with API Gateway - https://auth.serverlessworkshops.io/setup.html

we have tried all possible ways, but are still struggling to fix it.

please advise some solution

Thanks Siddharth Maheshwari

upon cloud

답변함 일 년 전

Cognito with API gateway integration

Token Validation

관련 콘텐츠