Hi everyone!
From my Cognito login API, I am getting 3 tokens:
id_token,
access_token,
refresh_token.
Everything makes sense except the usage of access_token…
I managed to add an authorizer to my APIs; it expects me to add Authorization: "Bearer " + id_token for me to access the protected API.
But I am confused: how can I change this to Authorization: "Bearer " + access_token? As per my research, it should be the access_token that is used for accessing API endpoints, not the id_token. Do we have a way to change this?
If there is no way to change the behavior, can I keep using id_token with my authorizer? Does it impose any security issue?
My code for serverless.yaml:
ApiGatewayAuthorizer:
  Type: AWS::ApiGateway::Authorizer
  Properties:
    Name: BPP_AUTHORIZER
    Type: COGNITO_USER_POOLS
    IdentitySource: method.request.header.Authorization
    RestApiId:
      Ref: ApiGatewayRestApi
    ProviderARNs:
      - arn:aws:cognito-idp:${self:custom.settings.REGION}:${self:custom.settings.ACCOUNT_ID}:userpool/${self:custom.settings.USER_COGNITO_POOL_ID}
For my API itself:
Details:
  handler: src/functions/User/Account/Details/handler.Details
  events:
    - http:
        method: get
        path: /user/{userId}
        cors: true
        authorizer:
          type: COGNITO_USER_POOLS
          authorizerId:
            Ref: ApiGatewayAuthorizer
Thank you in advance. God Bless you!
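As an added example (not part of the original post), here is a small Python check that tells a Cognito id token from an access token by its `token_use` claim and verifies the claims each type must carry (an id token names the app client in `aud`, an access token in `client_id` plus a `scope`), using constructed unsigned sample tokens. The client id and issuer are assumed values, and signature verification against the user pool's JWKS is assumed to happen before this check.

```python
import base64
import json

# Hypothetical values for this example; real ones come from your user pool.
APP_CLIENT_ID = "1example23456789"
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"


def _b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jwt(claims: dict) -> str:
    # Constructed, unsigned sample token for illustration only (alg "none").
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}."


def check_cognito_token(token: str, client_id: str, issuer: str, now: int) -> dict:
    """Classify a Cognito JWT by token_use and check the claims that type must carry.
    Assumes the signature was already verified against the pool's JWKS."""
    parts = token.split(".")
    if len(parts) != 3:
        # Cognito refresh tokens are opaque, not JWTs: never accept them as bearer tokens.
        return {"token_use": None, "ok": False, "reason": "not a JWT"}
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:
        return {"token_use": None, "ok": False, "reason": "undecodable payload"}
    use = claims.get("token_use")
    if claims.get("iss") != issuer:
        return {"token_use": use, "ok": False, "reason": "wrong issuer"}
    if int(claims.get("exp", 0)) <= now:
        return {"token_use": use, "ok": False, "reason": "expired"}
    if use == "id":
        ok = claims.get("aud") == client_id
        reason = "" if ok else "id token aud does not match app client"
    elif use == "access":
        ok = claims.get("client_id") == client_id and "scope" in claims
        reason = "" if ok else "access token client_id/scope mismatch"
    else:
        ok, reason = False, "unknown token_use"
    return {"token_use": use, "ok": ok, "reason": reason}
```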