Adding Authorizer to API Gateway for external systems to use our APIs

We have a REST API deployed in API Gateway, but it is not open publicly. I would like to add an authorizer service to API Gateway so that a consumer application can request a token and use that token to authenticate to the API. I have explored the Azure App option but am having issues with custom scopes. I came across the AWS Lambda authorizer and Cognito functionality, but I am not sure how to use them. The documentation leads to various links and I got lost there. My question is: what is the best option for adding an authorizer to API Gateway: a Cognito user pool, a Lambda authorizer, or an Azure App Registration?

In Azure App registration, I am able to get a session token successfully, and I have added a custom Lambda authorizer to validate the token, but it is not working with custom scopes. Can someone please share a lab or a step-by-step guide on how to enable an OAuth authorizer for API Gateway?

1 Answer
The easiest way to add an authorizer to API Gateway is to use an Amazon Cognito user pool as your identity provider. Once you have created your Cognito user pool, you create an authorizer of type Cognito in API Gateway that points to this user pool.

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

Your application will first have to authenticate towards Amazon Cognito and then use the token (either ID or access, depending on the use case) when calling API Gateway endpoints.

Here is a published workshop you can follow: https://catalog.us-east-1.prod.workshops.aws/workshops/5079f77b-4228-442e-baba-06a1065f67e1/en-US/module-2/step-6

If this doesn't answer your question, please explain how your "consumer application" authenticates for getting a token.

AWS
answered a year ago
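
For the Lambda authorizer route raised in the question, the following is an added example (not part of the original question or answer, and not AWS sample code) of mapping token scopes to the IAM policy an API Gateway Lambda authorizer returns. The route table, scope names and function names are hypothetical, and the claims are assumed to come from a token whose signature, issuer, audience and expiry have already been verified.

```python
# Added example: scope-to-policy mapping for an API Gateway Lambda authorizer.
# Assumes `claims` come from a token whose signature, issuer, audience and
# expiry were already verified with a JWT library against the provider's JWKS.

# Hypothetical route table: (HTTP method, resource path) -> required scope.
ROUTE_SCOPES = {
    ("GET", "/orders"): "orders.read",
    ("POST", "/orders"): "orders.write",
}


def granted_scopes(claims):
    """Return the set of scopes in verified claims.

    Cognito access tokens carry a space-delimited 'scope' string; Microsoft
    Entra ID (Azure AD) access tokens carry 'scp' instead.
    """
    scopes = set()
    for name in ("scope", "scp"):
        value = claims.get(name)
        if isinstance(value, str):
            scopes.update(value.split())
    return scopes


def build_policy(claims, method_arn):
    """Build the authorizer response for every route the scopes permit."""
    # methodArn: arn:aws:execute-api:region:account:apiId/stage/METHOD/path
    prefix, api_part = method_arn.rsplit(":", 1)
    api_id, stage = api_part.split("/")[:2]
    base = f"{prefix}:{api_id}/{stage}"
    scopes = granted_scopes(claims)
    allowed = [f"{base}/{method}{path}"
               for (method, path), needed in ROUTE_SCOPES.items()
               if needed in scopes]
    statement = {
        "Action": "execute-api:Invoke",
        "Effect": "Allow" if allowed else "Deny",
        # Deny everything in the stage when no route scope is present.
        "Resource": allowed or [f"{base}/*/*"],
    }
    return {
        "principalId": str(claims.get("sub", "unknown")),
        "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
    }
```

Listing every permitted route, rather than only the requested `methodArn`, keeps the response correct when API Gateway caches the authorizer result for that token.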