Cognito authorizer not being set for API gateway

I’m currently having issues adding a simple Cognito user pool as the authorizer function. The serverless file specifies the authorizer, yet it is not being set in the AWS Gateway as the authorizer (confirmed by AWS console dashboard).

My serverless file looks like this:

functions:
  create:
    handler: handler.createSite
    events:
      - http:
          path: sites
          method: post
        integration: lambda-proxy
        authorizer: cognitoAuthorizer
        cors:
          origins:
            - '*'
          headers:
            - Content-Type
            - X-Amz-Date

And under resources I have this:

resources:
apiGatewayAuthorizer: 
      Type: AWS::ApiGateway::Authorizer
      Properties: 
        Name: cognitoAuthorizer
        Type: COGNITO_USER_POOLS
        IdentitySource: method.request.header.Authorization
        RestApiId: 
          Ref: ApiGatewayRestApi
        ProviderARNs: 
          - 'arn:aws:cognito-idp:us-east-1:2xxxxxx8:userpool/us-east-1_5kKNNXXX'

Am I doing anything wrong here? I feel like this should be a very easy thing to do, yet I’m having massive issues using Cognito with serverless.

Your indentation looks incorrect.

Based on the docs I don’t think you need the resources section at all.

functions:
  create:
    handler: handler.createSite
    events:
      - http:
          path: sites
          method: post
          authorizer:
            arn: arn:aws:cognito-idp:us-east-1:2xxxxxx8:userpool/us-east-1_5kKNNXXX

@buggy Would that create the resources then, or would I have to do that manually through the AWS console?

@kgoedecke You still need to create the User Pool which can be done manually or in the resources section.

Issue has been resolved, it was just an indentation problem! Thanks guys!

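An added example, not part of the original thread: because the misindented `authorizer` key is still valid YAML, the endpoint deploys with no authorizer and no error. One way to catch that before deployment is to audit the CloudFormation template that `serverless package` writes (`.serverless/cloudformation-template-update-stack.json`) for API Gateway methods whose `AuthorizationType` is `NONE`. The sample template and its logical IDs are constructed for illustration, and `OPTIONS` is allowed by default on the assumption that it is the CORS preflight method.

```python
import json
import sys

# Constructed sample: the shape of a packaged template when the authorizer
# key was ignored (POST), next to a CORS preflight method (OPTIONS) and a
# correctly protected method (GET). Logical IDs are hypothetical.
SAMPLE_TEMPLATE = {
    "Resources": {
        "ApiGatewayMethodSitesPost": {
            "Type": "AWS::ApiGateway::Method",
            "Properties": {"HttpMethod": "POST", "AuthorizationType": "NONE"},
        },
        "ApiGatewayMethodSitesOptions": {
            "Type": "AWS::ApiGateway::Method",
            "Properties": {"HttpMethod": "OPTIONS", "AuthorizationType": "NONE"},
        },
        "ApiGatewayMethodSitesGet": {
            "Type": "AWS::ApiGateway::Method",
            "Properties": {
                "HttpMethod": "GET",
                "AuthorizationType": "COGNITO_USER_POOLS",
                "AuthorizerId": {"Ref": "HypotheticalAuthorizer"},
            },
        },
    }
}


def unauthenticated_methods(template, allow_methods=("OPTIONS",)):
    """Return (logical_id, http_method) for API Gateway methods without auth."""
    findings = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::ApiGateway::Method":
            continue
        props = res.get("Properties", {})
        method = str(props.get("HttpMethod", "")).upper()
        # A missing AuthorizationType is treated the same as NONE.
        if props.get("AuthorizationType", "NONE") == "NONE" and method not in allow_methods:
            findings.append((logical_id, method))
    return findings


if __name__ == "__main__":
    # Optional argument: path to the packaged template JSON; otherwise use the sample.
    template = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    problems = unauthenticated_methods(template)
    for logical_id, method in problems:
        print(f"no authorizer: {method} {logical_id}")
    sys.exit(1 if problems else 0)
```

Run as a CI step after packaging, the non-zero exit code fails the build when a non-preflight method has no authorizer attached.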

Hey bro, by any chance do you know why my Cognito authorizer only honors id_token from Header.Authorization: "Bearer " + id_token? I cannot find a way to change this into "Bearer " + access_token.

From the login response I am getting:
id_token
access_token
refresh_token

Can you enlighten me please?