By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

HTTP API with JWT Authoriser

0

I have Cognito User Pool setup and used amplify setup for my page and got a ID token. I am trying to use that to authorize a HTTP API using JWT authorizer . Using the jwt.io I tried to decode the JWT and got the ISS. I have this setup .

Issuer = <iss value from token>
audience = aud (this has the app client id for the cognito user pool>
Identity source = $request.header.Authorization

Since I use the ID token, I did not setup any scope. I tried to test this with curl

curl -X POST <api endpoint> -H 'Authorization:<jsw ID token>'

I get

401: Unauthorised

Note : The API works fine if I detach the authorizer. Also, the token works fine if I create a REST API and configure the cognito authoriser

Would appreciate if someone can help.

Edited by: koude on Apr 23, 2020 6:42 PM

Topics
ServerlessFront-End Web & MobileNetworking & Content Delivery
Tags
Amazon API Gateway
Language
English
koude
asked 4 years ago475 views
2 Answers
1

Hello, can you check the "www-authenticate" header in the response? There should be a message with additional information there.

AWS
AWS-User-9438795
answered 4 years ago
1

It helped. I had a wrong audience. Need to put the app_client_id of the Cognito User Pool in the "Audience" field of the JWT authorizer.

This is the value that is in the JWT for key "aud"

Thanks.

koude
answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content