I am currently using the Hosted Cognito UI with a user pool. Using the domain set in the pool settings, I can send users to the login screen:
https://<domain>.auth.eu-west-1.amazoncognito.com/login?response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>
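After the username/password is entered successfully, Cognito now redirects to the URL specified in the pool settings and in the URL above. This points to / GET in API Gateway, which has authorization enabled via AWS Cognito. However, I am always denied access: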
{"message":"Unauthorized"}
Note that if I:
curl --header "Authorization: <the authorization token>" https://<the redirect url>
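then I am authorized and get the desired result from API Gateway.
My assumption is that something is going wrong when the authorization token is passed from Cognito to API Gateway. My setup is as follows:
API Gateway settings
/ GET Method Request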
Authorization: my-cognito-user-pool
OAuth Scope: None
Request Validator: Validate query string parameters and headers
API Key Required: false
*HTTP Request Headers*
Name: Authorization, Required:N, Caching:N
/ GET Integration Request
Integration Type: Lambda Function
Use Lamba Proxy Integration: N
Lambda Region: eu-west-1
Lambda Function: my-lambda-function
Invoke with caller credentials: N (it does not allow me to check this box)
Use Default Timeout: Y
*HTTP Headers*
Name: Authorization, Mapped From: method.request.header.Authorization, Caching: N
Cognito settings
Thanks!
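
The login URL in the post uses response_type=code, so after sign-in the Hosted UI sends the browser to the redirect_uri with an authorization code in the query string, and a browser redirect carries no Authorization header. The following is an added example, not part of the original post: it parses such a redirect and builds the request that exchanges the code at the user pool's /oauth2/token endpoint. The domain, client ID, redirect URL and code values are constructed placeholders, and the function names are hypothetical.

```python
import base64
from urllib.parse import parse_qs, urlencode, urlsplit


def extract_code(redirect_url):
    """Return the authorization code carried by the redirect, or None."""
    query = parse_qs(urlsplit(redirect_url).query)
    if "error" in query:
        # The authorization server reports failures as ?error=...
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    # Reject a missing or repeated parameter instead of guessing.
    return codes[0] if len(codes) == 1 else None


def build_token_request(domain, region, client_id, redirect_uri, code,
                        client_secret=None):
    """Build (url, headers, body) for the code-for-token exchange (POST)."""
    url = f"https://{domain}.auth.{region}.amazoncognito.com/oauth2/token"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret:
        # App clients that have a secret authenticate with HTTP Basic.
        pair = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode()
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        # Must match the redirect_uri used in the /login request.
        "redirect_uri": redirect_uri,
    })
    return url, headers, body


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    redirect_uri = "https://api.example.com/prod/"
    landed_on = redirect_uri + "?code=constructed-code-1234"
    code = extract_code(landed_on)
    url, headers, body = build_token_request(
        "example-domain", "eu-west-1", "example-client-id", redirect_uri, code)
    print("POST", url)
    print(headers)
    print(body)
```

The JSON response from that endpoint contains the tokens; the call to the API then sends one in the Authorization header, as the curl command in the post does.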