how can I access Cognito Client Id in Lambda function ?

Question

Hi Team,

I have an integration via Rest API , that calls a Lambda function in the back-end. I have implemented a JWT token based authentication on this API and have created an user pool in Cognito. This user pool is used to generate a JWT token using a resource server and my API client uses the OAuth url from resource server to get a token , based in App Integration Client Id and Secret. 
This integration is working fine and I am able to authenticate the API call as well using JWT Authorizer. However , after authentication , when the call comes to the lambda function , I want to know the client id against which the JWT token was created and used to call this API. Basically I want to know from which client this API request came from.    
I will appreciate your help on this question.

Thanks, 
~ RTech

Basel Mohamed · Answer

there are ways to achieve what you want in your Lambda function for a JWT-based authentication flow using Cognito:

1. Using Cognito Authorizer Claims (Recommended):
This method leverages claims added to the JWT token by the Cognito authorizer. Here's how it works:
Configure Claims in Cognito: In your Cognito user pool, navigate to "App integration settings" for your client app. Under "User pool mapping," enable the claim you want to use (e.g., "client_id"). This instructs Cognito to include the client ID in the token claims.

2. Using API Gateway Mapping Template (Alternative):
Cognito Authorizer with Custom Headers: Configure the Cognito authorizer in API Gateway to add a custom header to the request object passed to your Lambda function. This header can contain the client ID extracted from the token by the authorizer.
Access Header in Lambda: Your Lambda function can access the custom header containing the client ID using the event.headers dictionary.

how can I access Cognito Client Id in Lambda function ?

Add your answer

Relevant content