Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

$context.authorizer.claims.email blank

0

I'm trying out a Cognito authorizer for API gateway calling a Lambda function.

It mostly works but I can never get user email address from the context. I have a mapping template including:

"cognito": {
"email" : "$context.authorizer.claims.email",
"username" : "$context.authorizer.claims.username",
"sub" : "$context.authorizer.claims.sub",
}

The 'sub' and 'username' fields come through fine, but the email is always blank. When I call the userInfo endpoint using the access token I do get the email returned, along with username and sub.

Is this a permissions problem?

Thanks

Topics
ServerlessCompute
Tags
AWS Lambda
Language
English
asked 5 years ago1.9K views
2 Answers
0

Are you using the access token or ID token in the authorisation header? IIRC, only the ID token contains the user's email address. If the email claim isn't included in the token's claims, the authoriser can't supply it to your Lambda. You can check the claims in your token by [decoding](https://jwt.io/) it.

answered 5 years ago
0

Ah, thanks. I'm using the access token. I assumed that the Authorizer would contact Cognito and get user information. Didn't realise it was all encoded in the token.

answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content