Custom authorizer with cognito user pool service

aws

#1

I have gone through several documents about the Cognito service, but still can't get an answer about how to manage Cognito with a custom authorizer.


I can create a Cognito user pool with the above links, but I need to know how to set the custom authorizer handler (handler.js). Do you have any samples for me?

    authorizer:
      type: COGNITO_USER_POOLS
      id: tfnXXX
      identitySource: method.request.header.Authorization
      identityValidationExpression: someRegex

Another sample I have:

      authorizer:
        name: authorizer
        arn: arn:aws:cognito-idp:us-east-1:123456789:userpool/us-east-1_XXXXXX
        claims:
          - email

So what does the Cognito custom authorizer handler.js look like?


#2

Updates

It seems the sample code can be found at

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html


#3

I did research on this for 2 weeks and got a lot of help from this repo, but I still have several questions.

I have collected all of them about Cognito; any words of help would be appreciated.

The code in src/containers has login/signup modules to help end users log in with Cognito user pool accounts.

After a successful login, src/Routes.js gives two options, /notes/new and /notes/:id, which are mapped to two js files: src/containers/NewNote.js and src/containers/Note.js.

These options are mapped to API Gateway event paths (endpoints) with different methods:

    // apig path: https://<apigateway_url>/notes, method `POST`
    createNote(note) {
      return invokeApig({
        path: "/notes",
        method: "POST",
        body: note
      });
    }

    // apig path: https://<apigateway_url>/notes/{id}, method `GET`
    getNote() {
      return invokeApig({ path: `/notes/${this.props.match.params.id}` });
    }

    // apig path: https://<apigateway_url>/notes/{id}, method `DELETE`
    deleteNote() {
      return invokeApig({
        path: `/notes/${this.props.match.params.id}`,
        method: "DELETE"
      });
    }

    // apig path: https://<apigateway_url>/notes/{id}, method `PUT`
    saveNote(note) {
      return invokeApig({
        path: `/notes/${this.props.match.params.id}`,
        method: "PUT",
        body: note
      });
    }

1. If I have 50 endpoints (/note is an endpoint for me), do I have to write 50 * 2 js files to handle these endpoints?

2. Is there any way to accept endpoints as variables, so that if the endpoint name changes, I needn't change the code in Notes.js?

3. How do I support {proxy+} in a path, such as notes/{proxy+}?

4. If I need to control which groups can access which endpoints, how do I set the permissions with Cognito groups?

For example,

Group#1: endpoint1
userlist: tom, george.

Group#2: endpoint2
userlist: tom, john