使用AWS Cognito进行API网关授权

时间:2018-09-13 19:43:40

标签: amazon-web-services authentication authorization aws-api-gateway aws-cognito

我当前正在将Hosted Cognito UI与用户池一起使用。通过使用池设置中设置的域,我可以将用户发送到登录屏幕:

https://<domain>.auth.eu-west-1.amazoncognito.com/login?response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>

成功输入用户名/密码后,Cognito现在将重定向到池设置和上述URL中指定的URL。这指向API网关中的/ GET,该网关通过AWS Cognito启用了授权。但是,我总是被拒绝访问:

{"message":"Unauthorized"}

请注意,如果我:

curl --header "Authorization: <the authorization token>" https://<the redirect url>

然后我被授权并从API网关获得所需的结果。

我的假设是将授权令牌从Cognito传递到API Gateway时出了一些问题。我的设置如下:

API网关设置

/ GET方法请求

Authorization: my-cognito-user-pool
OAuth Scope: None
Request Validator: Validate query string parameters and headers
API Key Required: false

*HTTP Request Headers*
Name: Authorization, Required:N, Caching:N

/ GET集成请求

Integration Type: Lambda Function
Use Lamba Proxy Integration: N
Lambda Region: eu-west-1
Lambda Function: my-lambda-function
Invoke with caller credentials: N (it does not allow me to check this box)
Use Default Timeout: Y

*HTTP Headers*

Name: Authorization, Mapped From: method.request.header.Authorization, Caching: N

认知设置

enter image description here

enter image description here

谢谢!

0 个答案:

没有答案