- Newest
- Most votes
- Most comments
When you define app client settings in your pool you can define which scopes the client will be allowed. The scopes you defined for your resources should appear under "Allowed Custom Scopes". In that case the clients will have not access to more scopes than what you defined. They could ask for it, but they will not get it.
There is also this article published in knowledge center that explains the process better end-to-end https://aws.amazon.com/premiumsupport/knowledge-center/cognito-custom-scopes-api-gateway/
Hi Farzan,
You could do what you want using Cognito user pools by defining app clients, Resource servers and scopes. You can then secure your apis in AWS API Gateway using CognitoUserPoolAuthorizer and previously defined scopes on resource methods.
Check https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html and https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
Thanks for your help.
But I think in that case my clients can ask for any scopes they want and I'm not able to control whether the requested scopes are accessible for them or not.
I haven't known about this feature. Thanks a lot for your help.
Very useful..
Relevant content
- Accepted Answerasked 2 years ago
- Accepted Answerasked 8 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- How do I use an interface VPC endpoint to access an API Gateway private REST API in another account?AWS OFFICIALUpdated 6 months ago
