When you define app client settings in your pool you can define which scopes the client will be allowed. The scopes you defined for your resources should appear under "Allowed Custom Scopes". In that case the clients will not have access to more scopes than what you defined. They could ask for it, but they will not get it.
There is also this article published in knowledge center that explains the process better end-to-end https://aws.amazon.com/premiumsupport/knowledge-center/cognito-custom-scopes-api-gateway/
Hi Farzan,
You could do what you want using Cognito user pools by defining app clients, resource servers and scopes. You can then secure your APIs in AWS API Gateway using CognitoUserPoolAuthorizer and previously defined scopes on resource methods.
Check https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html and https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
Thanks for your help.
But I think in that case my clients can ask for any scopes they want and I'm not able to control whether the requested scopes are accessible for them or not.
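The setup described in the two answers above (resource server and scopes, per-client allowed scopes, scopes on API Gateway methods), written out as a CloudFormation fragment. This is an added example, not code from the thread or from AWS; the `orders-api` identifier, the scope names, the logical IDs and the client-credentials flow are assumptions, and the user pool, REST API and resource are taken as already existing.

```yaml
Parameters:                        # existing resources, supplied by the deployer
  UserPoolId: {Type: String}
  UserPoolArn: {Type: String}
  RestApiId: {Type: String}
  OrdersResourceId: {Type: String}
Resources:
  OrdersResourceServer:
    Type: AWS::Cognito::UserPoolResourceServer
    Properties:
      UserPoolId: !Ref UserPoolId
      Identifier: orders-api       # constructed name, as are the scopes and logical IDs
      Name: Orders API
      Scopes:
        - {ScopeName: read, ScopeDescription: Read orders}
        - {ScopeName: write, ScopeDescription: Create or change orders}
  ReadOnlyClient:                  # can only ever be issued orders-api/read
    Type: AWS::Cognito::UserPoolClient
    DependsOn: OrdersResourceServer
    Properties:
      UserPoolId: !Ref UserPoolId
      GenerateSecret: true
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthFlows: [client_credentials]   # assumed flow (machine-to-machine)
      AllowedOAuthScopes: [orders-api/read]
  ReadWriteClient:                 # a second client with the wider grant
    Type: AWS::Cognito::UserPoolClient
    DependsOn: OrdersResourceServer
    Properties:
      UserPoolId: !Ref UserPoolId
      GenerateSecret: true
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthFlows: [client_credentials]
      AllowedOAuthScopes: [orders-api/read, orders-api/write]
  PoolAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: cognito-pool
      Type: COGNITO_USER_POOLS
      RestApiId: !Ref RestApiId
      IdentitySource: method.request.header.Authorization
      ProviderARNs: [!Ref UserPoolArn]
  PostOrders:                      # caller's access token must carry orders-api/write
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref RestApiId
      ResourceId: !Ref OrdersResourceId
      HttpMethod: POST
      AuthorizationType: COGNITO_USER_POOLS
      AuthorizerId: !Ref PoolAuthorizer
      AuthorizationScopes: [orders-api/write]
```

The per-client `AllowedOAuthScopes` list is the control the first answer refers to as "Allowed Custom Scopes": the scope check happens in the user pool when the token is issued, and again at API Gateway when the method's `AuthorizationScopes` are compared with the scopes in the access token.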