在 API Gateway 和 Cognito 用户池中使用授权方
[英]Using Authorizers in API Gateway and Cognito User Pools
问题描述
I've managed to setup a third party google login by integrating it with Cognito user pools.
我设法通过将第三方谷歌登录与 Cognito 用户池集成来设置它。 On successful sign-on, I am able to access an id_token as a query parameter in the redirect url.成功登录后,我可以访问 id_token 作为重定向 url 中的查询参数。
I'm trying to sign REST calls to API gateway using this id_token.我正在尝试使用此 id_token 对 API 网关的 REST 调用进行签名。 I have an authorizer configured on that particular API using Cognito user pools.我使用 Cognito 用户池在该特定 API 上配置了一个授权方。 When I try to test this on the Authorizer UI by setting the Authorization(header) field to this id_token which I received as a query parameter, I keep getting an Unauthorized request error.当我尝试通过将 Authorization(header) 字段设置为我作为查询参数收到的这个 id_token 来在 Authorizer UI 上测试它时,我不断收到未经授权的请求错误。
Also, I have configured an IAM policy for my user according to this doc: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-user-pool-authorizer-permissions.html此外,我已根据此文档为我的用户配置了 IAM 策略: https : //docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-user-pool-authorizer-permissions.html
Can someone help me with what I'm doing wrong?有人可以帮助我解决我做错了什么吗?
Thanks谢谢
1 个解决方案
解决方案1
0 2019-12-18 23:46:46
Turns out you have to pass the access_token that Cognito returns as part of the authorization header.事实证明,您必须传递 Cognito 作为授权标头的一部分返回的 access_token。 You can try if your access token works by testing it in the UI offered by the Authorizor interface of API Gateway.您可以通过在 API Gateway 的 Authorizor 接口提供的 UI 中对其进行测试来尝试访问令牌是否有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.