AWS Amplify and AWS Cognito: Website subscription verification
I have an Angular-based website in which users can subscribe to various services. In Cognito, I see that custom attributes can be associated with users, but I don't see how to verify those attributes on each API request. Would I use a trigger, for instance, to check the user's subscriptions? If so, could I get some guidance on how to do that? Thanks.
- Newest
- Most votes
- Most comments
Hi, standard and custom attributes will be included in user's id-token. you will need to pass this token to your APIs or backend, verify token signature, decode the token and then manually verify the value of attributes (like subscriptions).
If you are using API Gateway then you need a lambda authorzer, where you can do this token validation and verification of the claims. here is an example of lambda authorizer.
Relevant content
- asked 2 months ago
AWS OFFICIALUpdated 3 days ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
This is specific to amplify API/graphQL, but is this the type of this you are looking for? https://docs.amplify.aws/cli/graphql/authorization-rules/#configure-custom-identity-and-group-claims. If not, add a little more detail to your question, thanks.