Cognito Authorizer Token not working - returning Unauthorized

0

I have set up a Cognito authorizer for my API Gateway. What I am doing in my app is calling

const authToken = (await fetchAuthSession()).tokens.idToken.toString();

I am then passing that "authToken" value into my post request to my API Gateway, which should authorize and enter the lambda my gateway is triggering.

let restCall = post({
    apiName: "MY_API", // The name of my API Gateway
    path: "MY_PATH", // The name of my resource in the API Gateway
    options: {body: parameters},
    headers: {'Authorization': authToken, 'Content-Type': 'application/json'}
});

const { body } = await restCall.response;
const response = await body.json();

What I am getting back is an "unauthorized error". If I test the authorizer with that exact same authToken value I get a successful response. Likewise in Postman, by adding the "Authorization" header manually with the value being the idToken I have from the first line of code above.

But no joy in my code. Does anyone have any idea what might be happening? Is there anything else that needs to get added to the post call in the code? I have also tried adding it using Bearer syntax, i.e. "Authorization: Bearer MY_ID_TOKEN". Frustratingly, all other topics I've found on this were where people were using the "access_token" instead of the "id_token", but I'm already using the id_token!

Note I have also already gone through the steps in this troubleshooting post.

2 Answers
1
Accepted Answer

As WangQinYang has said, the headers are in the wrong place. Should be in the options object, as per documentation:

async function updateItem() {
  await del({
    apiName: 'myRestApi',
    path: 'items/1',
    options: {
      headers: {
        Authorization: authToken
      }
    }
  }).response;
}

https://docs.amplify.aws/gen1/javascript/build-a-backend/restapi/customize-authz/

answered 2 years ago
EXPERT
reviewed 2 years ago
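
An added example, not part of the original thread or the Amplify documentation: a small JavaScript diagnostic for the mistake resolved above, which flags `headers` placed outside `options` and then inspects the token's `token_use` and `exp` claims. The names `checkRestInput`, `decodeJwtPayload` and `makeSampleToken` are hypothetical, the sample tokens are constructed and unsigned, and the check assumes the authorizer expects an ID token as in the question.

```javascript
// Added example, not code from the thread; all helper names are hypothetical.
// Decodes a JWT payload WITHOUT verifying the signature (diagnostic use only).
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Lists reasons the input object meant for post()/del() would be rejected.
function checkRestInput(input, nowSeconds = Math.floor(Date.now() / 1000)) {
  const problems = [];
  if (input.headers !== undefined) {
    problems.push('top-level "headers" found: move it into options.headers');
  }
  const headers = (input.options && input.options.headers) || {};
  const name = Object.keys(headers).find((k) => k.toLowerCase() === 'authorization');
  if (!name) return problems.concat('options.headers has no Authorization header');
  const raw = String(headers[name]).replace(/^Bearer\s+/i, '');
  let claims;
  try {
    claims = decodeJwtPayload(raw);
  } catch (err) {
    return problems.concat('Authorization value is not a decodable JWT');
  }
  // Assumption: the authorizer expects a Cognito ID token, as in the question.
  if (claims.token_use !== 'id') {
    problems.push('token_use is "' + claims.token_use + '", expected "id"');
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    problems.push('token is expired or has no numeric exp claim');
  }
  return problems;
}

// Constructed, unsigned sample tokens so the check runs offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'constructed-signature'].join('.');
}

const NOW = 1700000000; // fixed clock for the demo
const idToken = makeSampleToken({ token_use: 'id', exp: NOW + 3600 });
const asPosted = { apiName: 'MY_API', path: 'MY_PATH', options: { body: {} }, headers: { Authorization: idToken } };
const corrected = { apiName: 'MY_API', path: 'MY_PATH', options: { body: {}, headers: { Authorization: idToken } } };
console.log(checkRestInput(asPosted, NOW));
console.log(checkRestInput(corrected, NOW));
```

The decode step only reads claims for troubleshooting; signature verification remains the job of the API Gateway authorizer.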
0

Hi,

What I am getting back is an "unauthorized error". If I test the authorizer with that exact same authToken value I get a successful Response Likewise in postman, by adding the "Authorizer" header manually with the value being the idToken I have from the first line of code above

You mentioned here that you added the "Authorizer" header when using Postman, but your code uses the "Authorization" header.

headers: {'Authorization': authToken, 'Content-Type': 'application/json'}

You say you can get a normal response with Postman. I think the id_token should be in effect, and I would suggest checking what the difference is between the Postman configuration and the code.

answered 2 years ago
  • Apologies, that was a typo in my post. I am sending "Authorization" in both Postman and my code. I have corrected the post.

  • I checked the amplify documentation about the use of tokens and found that headers should be in options, for example:

    async function updateItem() {
      await del({
        apiName: 'myRestApi',
        path: 'items/1',
        options: {
          headers: {
            Authorization: authToken
          }
        }
      }).response;
    }
    

    https://docs.amplify.aws/gen1/javascript/build-a-backend/restapi/customize-authz/

  • WangQinYang, yep that was the right answer. I noticed that yesterday and corrected the placement of the headers, and that sorted it. I had looked at the definition of the post method, which has a "headers" parameter, and just assumed that they should go in there as an object. Rather silly mistake but glad it was something simple at least! I will update the post to reflect this as the correct answer.
