
AWS API Gateway Authorizer - Allow Cognito UserPool auth (via headers) and public access

I have a single REST API endpoint which handles multiple operations based on the body of the request. Some of these operations are 'admin-only', so I added a JWT authorizer linked to my Cognito User Pool to allow me to check if the user is an admin. However, now EVERY request must have a JWT supplied via the Authorization header - unauthenticated requests do not work and are met with a {"message":"Unauthorized"} error.

Is there any way to stop the authorizer from blocking all unauthenticated traffic?

I resolved this issue by removing the authorizer and just implementing the JWT decoding/verification in the function itself using a modified version of this.

I learned that the purpose of an authorizer is to protect the function from unauthenticated access, not just to decode and get the claims from the JWT. In my use case, the authorizer was completely unnecessary.
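Added example, not code from the question or the answer above: a Python Lambda-style handler that follows the answer's approach of verifying the JWT inside the function instead of in an API Gateway authorizer, so unauthenticated requests still reach the function while admin-only operations require a verified token carrying the admin group. Everything in it is constructed: the issuer, client id, group name, operation names and signing key are placeholders, and the token is signed with HS256 so the example runs with the standard library only. Real Cognito tokens are RS256 and must be verified against the user pool's JWKS (for example with PyJWT) rather than a shared secret; the claim checks (exp, iss, token_use, client_id, cognito:groups) are the same either way.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholders. A real deployment verifies RS256 tokens against
# https://cognito-idp.<region>.amazonaws.com/<pool-id>/.well-known/jwks.json
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/EXAMPLE_POOL_ID"
CLIENT_ID = "EXAMPLE_APP_CLIENT_ID"
ADMIN_GROUP = "admin"
SIGNING_KEY = b"constructed-demo-key-not-for-production"  # HS256 stand-in for JWKS
ADMIN_ONLY_OPERATIONS = {"deleteUser", "listAllUsers"}  # hypothetical operation names
UNAUTHORIZED = {"statusCode": 401, "body": json.dumps({"message": "Unauthorized"})}
FORBIDDEN = {"statusCode": 403, "body": json.dumps({"message": "Forbidden"})}


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims):
    """Build an HS256 JWT with Cognito-style claims (test helper; Cognito itself issues RS256)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_token(token, now=None):
    """Verify signature and the Cognito access-token claims; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never accept 'none' or a client-chosen alg
        raise ValueError("unexpected alg")
    expected = hmac.new(SIGNING_KEY, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("token_use") != "access":
        raise ValueError("not an access token")
    if claims.get("client_id") != CLIENT_ID:
        raise ValueError("wrong client_id")
    return claims


def handler(event, now=None):
    """Lambda-style handler: public operations need no token, admin operations need a verified admin token."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    auth = headers.get("authorization")
    claims = None
    if auth:
        # A token that is present but invalid is rejected, not silently downgraded to anonymous.
        scheme, _, token = auth.partition(" ")
        if scheme.lower() != "bearer" or not token:
            return UNAUTHORIZED
        try:
            claims = verify_token(token, now)
        except ValueError:
            return UNAUTHORIZED

    body = json.loads(event.get("body") or "{}")
    operation = body.get("operation")
    if operation in ADMIN_ONLY_OPERATIONS:
        groups = claims.get("cognito:groups", []) if claims else []
        if ADMIN_GROUP not in groups:
            return FORBIDDEN
    caller = claims["sub"] if claims else "anonymous"
    return {"statusCode": 200, "body": json.dumps({"operation": operation, "caller": caller})}
```

The handler keeps the authorization decision in one place: the token is optional for the request as a whole, but the admin branch only trusts a group claim that came out of `verify_token`, so a decoded-but-unverified token is never used for the admin check.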
