Issue with API Gateway Authorizer with Cognito

0

I am having an issue with my Authorizer in Amazon API Gateway. I've set my method requests to use the authorizer I've created. I've set the Cognito user pool to the user pool I'm seeing my users in. When I try to use the access token generated by Amplify as Authorization in the header of my request, I'm getting the following response:

Response code: 401 {"message":"Unauthorized"}

I've also tried clicking "Test" under my Authorizer and pasting the token directly. Using this approach, I am getting the following: "Unauthorized request: 65186156-a9a2-4346-a1fa-078e37c1570c"

I assume this is a reference number for the attempt as it's different every time I test. Does anybody have any ideas for how to resolve this? Thanks!

1 Answer
0

Hello,

Thank you for posting on AWS re:Post!

I see that you have added Cognito as the authorizer for your API Gateway and generated an access token using Amplify. However, when you pass this access token as Authorization in the header of the request, you get response code: 401 {"message":"Unauthorized"}. Additionally, when you tried testing the authorizer by passing the token directly, you got an "Unauthorized request" error.

Firstly, I would like to inform you that you can test your authorizer by passing an identity token to your authorizer from the console. You can't use an access token to test it. As you have mentioned, you got the access token from Amplify and tried testing with it, hence you are getting the Unauthorized request error. You need to test it with an ID token.

Secondly, to use an access token with your API Gateway, you need to add OAuth scopes to your method, and the same OAuth scope needs to be present in your JWT access token for validation. Please find more details in the AWS reference document below on using an access token with your method.

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html

Additionally, I would like to share the reference document below, which has possible solutions for fixing "401 Unauthorized" errors from API Gateway.

https://repost.aws/knowledge-center/api-gateway-cognito-401-unauthorized

I hope this information will be helpful to you.

Thank you!!

AWS
SUPPORT ENGINEER
answered 8 months ago
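
Added example, not part of the original answer and not AWS code: a Python sketch that decodes a Cognito JWT's claims (no signature verification, diagnosis only) and reports whether it is the kind of token the answer says the authorizer expects. The `diagnose` helper, the sample tokens and the `orders/read` scope are constructed for illustration; the rule that any one matching scope is enough is taken from the API Gateway documentation linked in the answer.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, method_scopes=()) -> str:
    """Predict the authorizer outcome from token_use and scope claims."""
    claims = jwt_claims(token)
    use = claims.get("token_use")              # Cognito sets "id" or "access"
    granted = set(claims.get("scope", "").split())
    if not method_scopes:
        # No OAuth scopes on the method (and the console Test): ID token expected.
        if use == "id":
            return "ok: ID token and no OAuth scopes on the method"
        return f"401 expected: token_use={use!r}, send the ID token or add scopes"
    if use != "access":
        return f"401 expected: method has scopes but token_use={use!r}"
    if granted & set(method_scopes):
        return "ok: access token carries a scope configured on the method"
    return f"401 expected: token scopes {sorted(granted)} match none of the method's"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real Cognito token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"


# Constructed sample claims; real tokens carry more fields (iss, exp, sub, ...).
SAMPLE_ID_TOKEN = make_sample_token({"token_use": "id", "email": "user@example.com"})
SAMPLE_ACCESS_TOKEN = make_sample_token(
    {"token_use": "access", "scope": "aws.cognito.signin.user.admin"}
)

if __name__ == "__main__":
    print(diagnose(SAMPLE_ACCESS_TOKEN))                   # the question's situation
    print(diagnose(SAMPLE_ID_TOKEN))
    print(diagnose(SAMPLE_ACCESS_TOKEN, ["orders/read"]))  # hypothetical custom scope
```

Run this against the token your client actually sends; a production service must still verify the signature, issuer and expiry against the user pool's keys before trusting any claim.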
