HTTP API with JWT Authoriser


I have a Cognito User Pool set up, used the Amplify setup for my page, and got an ID token. I am trying to use that to authorize an HTTP API using a JWT authorizer. Using the I tried to decode the JWT and got the ISS. I have this setup.

Issuer = <iss value from token>
audience = aud (this has the app client id for the cognito user pool)
Identity source = $request.header.Authorization

Since I use the ID token, I did not set up any scope. I tried to test this with curl

curl -X POST <api endpoint> -H 'Authorization:<JWT ID token>'

I get

401: Unauthorised

Note: The API works fine if I detach the authorizer. Also, the token works fine if I create a REST API and configure the Cognito authoriser.

Would appreciate if someone can help.

Edited by: koude on Apr 23, 2020 6:42 PM

asked 4 years ago, 371 views
2 Answers

Hello, can you check the "www-authenticate" header in the response? There should be a message with additional information there.

answered 4 years ago

It helped. I had a wrong audience. Need to put the app_client_id of the Cognito User Pool in the "Audience" field of the JWT authorizer.

This is the value that is in the JWT for key "aud"


answered 4 years ago
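The comparison that resolved this thread, as an added example that is not part of the original posts: decode the token's claims and check `iss`, `aud` and `exp` against the Issuer and Audience configured on the JWT authorizer. The issuer URL, app client id and token below are constructed placeholders, and the signature is not verified, so this is a diagnostic only.

```python
import base64
import json
import time


def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature."""
    token = token.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def authorizer_mismatches(token, issuer, audiences, now=None):
    """List the reasons the claims disagree with the authorizer settings."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} != Issuer {issuer!r}")
    # Cognito ID tokens carry the app client id in "aud"; access tokens
    # carry it in "client_id" instead.
    aud = claims.get("aud", claims.get("client_id"))
    token_auds = aud if isinstance(aud, list) else [aud]
    if not set(token_auds) & set(audiences):
        problems.append(f"aud {aud!r} not in Audience {sorted(audiences)!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "RS256", "kid": "constructed"}), seg(claims), "c2ln"])


# Constructed sample values, not taken from the thread.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
SAMPLE_TOKEN = make_sample_token(
    {"iss": ISSUER, "aud": "example-app-client-id", "token_use": "id", "exp": 2000000000})

if __name__ == "__main__":
    print(authorizer_mismatches(SAMPLE_TOKEN, ISSUER, ["some-other-value"]))
    print(authorizer_mismatches(SAMPLE_TOKEN, ISSUER, ["example-app-client-id"]))
```

An empty list means the claims line up with the authorizer settings; any entry names the field to correct before retrying the request.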
