13:35 - yes "custom_header" is super important. Thank you!
Thanks for this video, I spent days having issues with API Gateway with Cognito authorizer because of the AddDefaultAuthorizerToCorsPreflight. Thank you very much!
Glad it helped
Awesome. I tried this today but you have explained it in a very easy to understand way. Thanks
Can you also make a tutorial on how to make api call for unauthorised user with cognito authorization
very informative. Thank you!
You're welcome :D
1 - Thank you for this video!
2 - Could you link us the blog post mentioned at ~8:25 ?
Hi, I like your video, but I have a few questions.
Why did you use Id token instead of access token? I have read we are not supposed to use the Id token to authorize a call, and
I wish you would go a little further and show how to identify the logged in user in the lambda.
Hello Marcia, thank you very much for your videos. Would you create this video using serverless framework? Are you continuing to work with serverless framework, or are you now using only SAM?
For serverless framework there is a video :D ruclips.net/video/4QwWY9Fg4p4/видео.html
I will keep doing videos of both
Could you please specify the advantage of cognito user pool authorizer over IAM authorizer?
A user pool authorizer is simpler than using IAM authorizers. However, it is also less fine grained.
Using an IAM authorizer you can make a difference between admin and user. Or you can give access to specific resources of your API.
When using user pool authorizer we just check if the client has a valid token that was issued by the user pool.
Hey @FooBar this was an informative video. But you keep saying in most of your videos that you will share the links in the description, but when I check the description section I don't see any link!!!
It's there.
@@foobar_codes My bad! I found them. I was checking below the video canvas. Thanks!
Thanks Marcia! I just have a question. What can I do if I have public endpoints under "/public/xxxx" paths (does not require authentication), and protected endpoints under "/auth/xxx" path (auth required)? I'm using SAM API GW + Lambda with Cognito Authorizer. Is that possible? Can I put that condition in some place of my SAM definition?
I've been pulling my hair out for the last week to do this. YOU THE BEST
After 7:42, when I run npm run deploy, I got "Error: Unable to upload artifact ./hello referenced by CodeUri parameter of HelloFunction resource.
An error occurred (AccessDenied) when calling the PutObject operation: Access Denied" - what to do?
What is the pricing when using the API Gateway features Cognito User Pool Authorizer or Lambda authorizer?
You can find pricing here: aws.amazon.com/api-gateway/pricing/
I don't think there is any extra cost by adding authorizers. But if you will be executing a lambda as an authorizer then you need to pay for it.
Why are we removing the identity property? What is it good for?
It is used when using an IAM authorizer in one of the previous videos. Then you are exchanging your token for temporary IAM credentials. Therefore you need an identity pool.
In this case we are using "User Pool authorizer". Thus we are just checking if the user/client/caller has a valid token which was issued by the user pool.
Do you have a tutorial with ALB + Cognito?
no :(
@@foobar_codes no problem, I have to figure out how to authenticate users from a reactjs website, using cognito inside a vpc, I have no internet access or nat gateway, what a mess!
Is it dangerous for people to see data such as the identity user pool ID and the client ID?
No, they are supposed to be public. However, in this case we have a preSignUpLambda which autoConfirms the user.
That indeed exposes you to being flooded with fake user registrations.
I think here the preSignUpLambda is used because it simplifies things for the demo. This way we do not have to confirm our user by email for example.
Here you can find a little more info: stackoverflow.com/questions/47833797/are-the-cognito-user-pool-id-and-client-id-sensitive
Your videos are always helpful. I need help with setting up my serverless framework for the app integration. How can I set up app client settings using the serverless framework?
This can help you get started: ruclips.net/video/4QwWY9Fg4p4v/видео.html
Hi I like the video as well.
Thanks
What will happen when the token expires? Will the refresh token be used automatically to get a new IdToken or will I have to login again?
If you are using only IAM users with an access key and secret key, then yes, you have to do it manually in the console or through the SDK. If you are using Cognito with an identity pool, it will create temporary credentials to run the resources, and Cognito will manage the tokens.
Hello, can you make one video on single sign-on using Cognito?
Also, please make one video on importing a .csv file into a user pool
This was great, but when I click on the "Open Hosted UI" I get an error and I can't figure out why.
error: TypeError: Cannot read property 'token' of undefined
AuthClass../node_modules/aws-amplify/lib/Auth/Auth.js.AuthClass.federatedSignIn
node_modules/aws-amplify/lib/Auth/Auth.js:1318
I have the same problem
Is there a version of this tutorial for the serverless framework?
there is :D ruclips.net/video/4QwWY9Fg4p4/видео.html
Nice, please, subtitles in Spanish or a Spanish video!!! YOU HAVE MY LIKE!!!
Hi Marcia, Would you agree to marry me?
Now, can you explain how to authenticate API Gateway WebSocket using Cognito? The route $connect only accepts IAM or Lambda Authorizers, so in case I have to authenticate the user, I get the JWT from Cognito and pass it to the Lambda function (in URL or header request). Then the Lambda function has to manually check the token validity and generate the policy. It is a mess, but the only way I have found until now. Thanks so much.
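The approach described in the last comment above (a Lambda authorizer on `$connect` that checks the Cognito JWT itself and returns a policy), as an added example that is not from the video or from any commenter. It also insists on an access token rather than an ID token, the concern raised in an earlier comment. The `token` query parameter, the raw `Authorization` header value and the fixture names are assumptions; in a deployment the JWKS would be loaded from the user pool's `/.well-known/jwks.json`.

```javascript
const crypto = require("node:crypto");

const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Verify signature and claims of a Cognito access token against the pool's JWKS.
function verifyToken(token, jwks, { issuer, clientId, now = Date.now() / 1000 }) {
  const [h, p, s] = String(token).split(".");
  if (!h || !p || !s) throw new Error("malformed token");
  const header = decode(h);
  if (header.alg !== "RS256") throw new Error("unexpected alg"); // rejects "none" and HS256
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  if (!crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url")))
    throw new Error("bad signature");
  const claims = decode(p);
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  if (!(claims.exp > now)) throw new Error("expired"); // a missing exp also fails
  if (claims.token_use !== "access" || claims.client_id !== clientId)
    throw new Error("not an access token for this app client");
  return claims;
}

// Policy in the shape a Lambda authorizer returns to API Gateway.
const policy = (principalId, effect, resource, context = {}) => ({
  principalId,
  policyDocument: { Version: "2012-10-17", Statement: [{ Action: "execute-api:Invoke", Effect: effect, Resource: resource }] },
  context, // surfaced to the backend Lambda under requestContext.authorizer
});

// $connect authorizer core: any verification failure yields an explicit Deny.
function authorize(event, jwks, expected) {
  const token = event.headers?.Authorization ?? event.queryStringParameters?.token;
  try {
    const claims = verifyToken(token, jwks, expected);
    return policy(claims.sub, "Allow", event.methodArn, { username: claims.username });
  } catch {
    return policy("anonymous", "Deny", event.methodArn);
  }
}

// Constructed fixture: throwaway key pair and token so the example runs offline.
function constructedFixture(claims) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const body = `${encode({ alg: "RS256", kid: "test-key" })}.${encode(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(body), privateKey).toString("base64url");
  return { token: `${body}.${sig}`, jwks: { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "test-key" }] } };
}
```

A token passed in the query string is recorded wherever the connect URL is logged, which is a reason to keep its lifetime short.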