Anyone have a good modern example of using a cognito user pool authorizer?

JulioBarros · November 16, 2017, 10:45pm

I’m an AWS noob and am trying to set up a cognito user pool as an authorizer for my api-gateway lambda.

As far as I can tell the docs talk about about setting up the pool as an event source and I have not found a way to configure api-gateway. I expected it to be something like the cors: true setting where I’d just say authorizer: myPool … but I can’t seem to find an example.

I’ve searched around but strangely have not found exactly what I need. I see the references to aws_iam, user groups, etc. but am not sure how to get to the user pool.

Does anyone know where in the docs I can find that or of a blog post or something explaining it?

Thanks in advance.

bobbiebarker · December 4, 2017, 2:43am

Little delayed in the response, hopefully you’ve figured this out since you posted, but I believe the answer you’re looking for can be found here. Scroll down to the part where it talks about the user pool.

yn5 · June 20, 2018, 2:29pm

@bobbiebarker I have successfully protected an endpoint in my service following the example in that link by using a Cognito user pool arn. And by successfully meaning that once I request, I get back the message “Unauthorized”.

From what I’ve read I need to include a token received from logging in with Cognito in the request as an Authorization header. But when I do it does not allow me to reach the endpoint. What am I missing here?

This is my serverless.yml:

service:
  name: my-service

plugins:
  - serverless-webpack

provider:
  name: aws
  region: eu-central-1
  runtime: nodejs6.10


functions:
  create:
  handler: posts.get
  events:
    - http:
        path: posts/get
        method: get
        authorizer:
          arn: arn:aws:cognito-idp:us-east-1:xxx:userpool/us-east-1_ZZZ

And for the request I’m using Postman to include the Bearer token which results in a Authenitcation header like this:

Authentication: Bearer myTokenXXXXXXXXXXXXX

I’ve also tried removing the Bearer part from that header without any luck.

yn5 · June 20, 2018, 3:12pm

Just fixed it! Turned out I was using the accessToken from the response of cognitoUser#authenticateUser where I should use the idToken

dcabib · August 9, 2020, 12:16am

Hello @yn5… I am trying create user in Cognito User Pool using serverless… I was able to handle user authentication using this article https://www.serverless.com/blog/serverless-auth-with-aws-http-apis but I was not able to create user using an API Gateway / Lambda endpoint.

Do you have any reference how I should create a lambda function to be able to create a new users instead of using Host UI interface?

Thanks in advanced.

Topic		Replies	Views
Cognito authorizer not being set for API gateway Serverless Framework lambda	5	2978	August 18, 2023
API Authentication with Cognito Serverless Framework aws	7	12824	December 18, 2018
Adding a second authorizer of type COGNITO_USER_POOL fails Serverless Framework	0	838	April 19, 2019
Authorization and Authentication for API Gateway Serverless Architectures	0	636	March 25, 2019
Custom authorizer with cognito user pool service Serverless Framework aws	2	11233	February 13, 2018

Anyone have a good modern example of using a cognito user pool authorizer?

Related Topics