Cognito as Authorizer

Hi everyone!

From my Cognito login API, I am getting 3 tokens:
id_token,
access_token,
refresh_token.

Everything does make sense except the usage of access_token…

I managed to add an authorizer to my APIs; it expects me to add Authorization: "Bearer " + id_token for me to access a protected API.

But I am confused about how I can change this to Authorization: "Bearer " + access_token. As per my research, it should be the access_token that is used for accessing API endpoints, not the id_token. Do we have a way to change this?

If there is no way to change the behavior, can I keep using id_token as my authorizer? Does it impose any security issue?

My code for serverless.yaml:

ApiGatewayAuthorizer:
  Type: AWS::ApiGateway::Authorizer
  Properties:
    Name: BPP_AUTHORIZER
    Type: COGNITO_USER_POOLS
    IdentitySource: method.request.header.Authorization
    RestApiId:
      Ref: ApiGatewayRestApi
    ProviderARNs:
      - arn:aws:cognito-idp:${self:custom.settings.REGION}:${self:custom.settings.ACCOUNT_ID}:userpool/${self:custom.settings.USER_COGNITO_POOL_ID}

For my API itself:

Details:
  handler: src/functions/User/Account/Details/handler.Details
  events:
    - http:
        method: get
        path: /user/{userId}
        cors: true
        authorizer:
          type: COGNITO_USER_POOLS
          authorizerId:
            Ref: ApiGatewayAuthorizer

Thank you in advance. God Bless you! :slight_smile:
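
Added example, not part of the original post: an API Gateway `COGNITO_USER_POOLS` authorizer treats the bearer token as an ID token when the method has no OAuth scopes, and as an access token when at least one scope is configured, so the function's `authorizer` block can be switched as below. Which scope to list is an assumption about how the tokens are issued, and `bpp-api/user.read` is a hypothetical custom scope.

```yaml
Details:
  handler: src/functions/User/Account/Details/handler.Details
  events:
    - http:
        method: get
        path: /user/{userId}
        cors: true
        authorizer:
          type: COGNITO_USER_POOLS
          authorizerId:
            Ref: ApiGatewayAuthorizer
          # With scopes present, API Gateway validates the token as an
          # access token and requires at least one of the listed scopes
          # in its "scope" claim. An id_token is then rejected.
          scopes:
            # Scope carried by access tokens issued through the user pools
            # API (for example InitiateAuth). Assumption: the login API in
            # the post uses that flow.
            - aws.cognito.signin.user.admin
            # Hypothetical custom scope; needs a resource server on the
            # user pool and an OAuth flow that grants it.
            # - bpp-api/user.read
```

With this in place the handler receives the access token's claims (`sub`, `scope`, `client_id`, `token_use: access`) in `event.requestContext.authorizer.claims`; profile attributes such as `email` are only in the ID token.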