The Access Token should be used for AuthZ, as it contains claims attributes. So when AuthN and AuthZ are used, please use the Access Token with claims while accessing your APIs. You can AuthZ the user using claims.
The ID Token has only the identity of the user, basically email, phone, etc.; it does not have claims to AuthZ the user to a specific API. It is used to validate the user identity only. So when using "Test" in the authorizer, the ID Token is used, as it's just validating Cognito connectivity and token validity.
In the real world, use the Access Token with claims in API Gateway, as API Gateway always looks for claims.
As mentioned in the following AWS documentation snippet, the Cognito Authorizer Test Panel expects an Identity Token. Using an Access Token there would return an Unauthorized error.
After creating the COGNITO_USER_POOLS authorizer, you can optionally test invoke it by supplying an identity token that's provisioned from the user pool. You can obtain this identity token by calling the Amazon Cognito Identity SDK to perform user sign-in. You can also use the InitiateAuth action. Use the returned identity token, not the access token.
Reference: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
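
As an added example (not part of either answer or of the AWS documentation): a small Python check that reads a token's `token_use` claim, which Cognito sets to `id` or `access`, to tell which of the two tokens is about to be pasted into the authorizer Test panel. The helper names and sample tokens are constructed for illustration, and the payload is decoded without signature verification, so this is for diagnosis only.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return a JWT's payload claims WITHOUT verifying its signature.

    Diagnostic use only: never base an authorization decision on this output.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def token_kind(token: str) -> str:
    """Classify a Cognito user pool token by its token_use claim."""
    use = jwt_claims(token).get("token_use")
    return use if use in ("id", "access") else "unknown"


def ok_for_authorizer_test(token: str) -> bool:
    # Per the documentation quoted above, the Test panel wants the identity token.
    return token_kind(token) == "id"


def _constructed_token(claims: dict) -> str:
    # Builds an unsigned sample token for this demo; all values are constructed.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"


SAMPLE_ID = _constructed_token({"token_use": "id", "email": "user@example.com"})
SAMPLE_ACCESS = _constructed_token({"token_use": "access", "scope": "openid"})

if __name__ == "__main__":
    for name, tok in (("id", SAMPLE_ID), ("access", SAMPLE_ACCESS)):
        print(name, token_kind(tok), ok_for_authorizer_test(tok))
```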