- Newest
- Most votes
- Most comments
I can see you're trying to use a Cognito Authorizer in the CF template, but I do not see where you are setting the scopes. Have you set that directly in API Gateway? Have you tested the APIGW with a token in the console to confirm it's working as expected?
If using SAM, check this as a resource for configuring : https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-cognitoauthorizer.html.
Check here for an example SAM CF template that creates a Cognito authorizer: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-controlling-access-to-apis-cognito-user-pool.html
And lastly, here's an article to help troubleshoot the {"message":"Unauthorized"}
error: https://repost.aws/knowledge-center/api-gateway-cognito-401-unauthorized
Relevant content
- asked a year ago
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago