API Gateway Authorization failure for an authenticated Identity


Hi,

First, I am pretty new to AWS ...

I am trying to invoke an API in the AWS API Gateway from a Google OAuth client app. I successfully set up an identity pool in Cognito with Google as the identity provider. This identity pool gives users access to an authenticated role by default with the "AmazonAPIGatewayInvokeFullAccess" and "Cognito-authenticated" policies.

When requesting the Cognito service from my Google OAuth client app, the "google" user of my app is identified in Cognito and I can get either an OpenID token by calling "AWSCognitoIdentityService.GetOpenIdToken" or AWS credentials by calling "AWSCognitoIdentityService.GetCredentialsForIdentity".

Then, I have an API in the API Gateway service set up with the IAM authorization mechanism.

From there, I am stuck calling my API hosted in the API Gateway service from my Google OAuth client app or Postman: when passing the OpenID token returned by Cognito in request.headers.Authorization, I receive a 403 error {"message ": "forbidden"}.

Could someone help me and tell me where I am wrong?

Thanks,

Seb

1 Answer

Assuming you are invoking a REST API via APIGW, you may want to look at a couple of options:

  1. Lambda Authorizer
  2. Cognito User Pool Authorizer. Google can be set up as an Identity Provider for the user pool
AWS
answered 10 months ago
  • I am invoking an HTTP API via APIGW with IAM (integrated) as the authorizer.

    What is your answer about the use of an identity pool to access AWS resources, as I can get an OpenID token from it? While I am not authorized with this OpenID token, what is its purpose then?
