Secure the AWS API Gateway with Cognito User Pools & Cognito Authorizer

  • Published: Feb 8, 2025
  • By default your API Gateway endpoints are not secured, so anyone with the link can access them. In a real-world scenario you would want to secure them so that your users first need to authenticate and provide a token before they can be authorized.
    One of the services you could use for managing your users and the sign-up/sign-in flows is Amazon Cognito. In this video I am going to show you how to set up this whole flow: creating a User Pool, signing up and signing in users, then getting the id_token and providing it to the API Gateway in the Authorization header.
    We're also going to set up the Cognito Authorizer in API Gateway, which will handle this authorization flow.
    If you liked this video please click on the like button! There's a new video on Majestic.cloud once a week so if you want to stay updated and don't want to miss any new videos then please subscribe to the channel!
    Visit the site: majestic.cloud
    Follow me on Twitter:
    / lacisoft (László)
    / cloud_majestic (Majestic.cloud)
    Follow on Facebook: / majesticcloudcomputing
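
As an added example (not code from the video or from AWS), a Python pre-flight check of the claims in the id_token before it goes into the Authorization header. The issuer, client id and tokens are constructed placeholders, and the signature is deliberately not verified here because that remains the Cognito Authorizer's job.

```python
import base64
import json
import time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a CONSTRUCTED, unsigned JWT-shaped string for offline testing only."""
    header = {"alg": "RS256", "kid": "sample-kid"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()),
                     _b64url(b"placeholder-signature")])

def check_id_token_claims(token: str, issuer: str, client_id: str, now=None) -> list:
    """Return a list of problems; an empty list means the claims look usable.

    Only the payload is inspected. The signature is NOT verified.
    """
    now = time.time() if now is None else now
    try:
        _header, payload, _sig = token.split(".")
        padded = payload + "=" * (-len(payload) % 4)  # restore stripped padding
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # wrong part count, bad base64, bad UTF-8 or bad JSON
        claims = None
    if not isinstance(claims, dict):
        return ["not a three-part JWT with a JSON object payload"]
    problems = []
    if claims.get("token_use") != "id":  # Cognito access tokens carry "access"
        problems.append("token_use is %r, expected 'id'" % claims.get("token_use"))
    if claims.get("iss") != issuer:
        problems.append("issuer does not match the user pool")
    if claims.get("aud") != client_id:  # access tokens use client_id, not aud
        problems.append("aud does not match the app client id")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp")
    return problems

# Constructed sample values (placeholders, not real identifiers).
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
CLIENT_ID = "exampleclientid"
NOW = 1_700_000_000
ID_TOKEN = make_sample_token({"token_use": "id", "iss": ISSUER, "aud": CLIENT_ID, "exp": NOW + 3600})
ACCESS_TOKEN = make_sample_token({"token_use": "access", "iss": ISSUER, "client_id": CLIENT_ID, "exp": NOW + 3600})

if __name__ == "__main__":
    for name, tok in (("id", ID_TOKEN), ("access", ACCESS_TOKEN)):
        print(name, check_id_token_claims(tok, ISSUER, CLIENT_ID, now=NOW))
```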

Comments • 25

  • @cesarperes75
    1 month ago

    Thank you. Very clear and saved some hours trying to configure it!

  • @calmingcoffeerain6217
    3 months ago

    Thank you that explanation was clear and very helpful to visualize. Well done on a clean explanation

  • @luiscarlosjayk
    1 year ago +3

    Question: What's the access token for? Can you use that instead of the id token?

  • @JozsefPetenyi
    1 year ago +1

    Thanks for this video. Saved me a ton of time

  • @mantrax314
    9 months ago

    Thanks!

    • @Majesticcloud
      9 months ago

      You're welcome and thank you too!

  • @Elbrond1991
    4 months ago

    Great video! Helped heaps. Just a question, how might I be able to set up the exchange of the authorization code for the tokens in my application?

  • @glenwang1746
    9 months ago

    Thank you so much. Your content helped me

  • @daniela130783
    3 months ago

    The best I've found!!! How long can the token last??? Can the token be revoked every time the Lambda is invoked? Regards

  • @HarshitKumar-dy3bs
    3 months ago +2

    Thank you! But it's a good practice to send the Access Token instead of the IdToken. How can we set that up?

  • @AbdulRahmanMoubarak-w1u
    2 months ago

    I have a question:
    how can I use the access token instead of the id token in the API Gateway?

  • @davidgomez6823
    1 year ago +2

    Hello, how can I use this without the hosted UI at all?

  • @HoaPham-iv2ft
    4 months ago

    I got this error "An error occurred (InvalidParameterException) when calling the AdminInitiateAuth operation: Auth flow not enabled for this client" when I tried to run your command to get the token.

  • @KarimFayed-oy5oo
    10 months ago

    Great video! Thanks a lot, but how can I have the data used in registration (e.g. email) be used and saved in the backend, which is also a Lambda?

  • @iamchiragarora
    1 year ago +1

    What if a Lambda function is returning HTML code? How do I authenticate that? In simple words, if the Authentication header is not present or is not valid, how do I redirect to the Cognito UI?

    • @MrThejoseph007
      1 year ago

      Hey, have you figured out the approach to achieve this with cookies?

  • @myz540
    1 year ago

    Very helpful. The Cognito documentation is very bad at showing how to actually get a token.

  • @ArgKilljoy
    1 year ago

    Hi! I have one question, though. Requests to the API work fine from Postman once I've added the Cognito authorizer. But I'm now getting a CORS error when calling the API from my localhost. Do you have any suggestions? Thank you

    • @Majesticcloud
      1 year ago +1

      Postman is not a browser so it doesn't enforce CORS policy. However in other places such as a browser you might have CORS enforcement. So you need to enable CORS headers (Access-Control-Allow-Origin) in API Gateway so they are returned with every response.

  • @bishop339
    8 months ago

    Good.

  • @vaibhavsrivastava4645
    8 months ago

    Good