Let's configure AWS cognito to secure our AWS API Gateway.
Open AWS Cognito:
Create a default User Pool
After the pool is created, go back into the setup and create an app client
Update the App Client Settings
Add a domain to host your auth pages
Go back into "App client settings" and "Launch Hosted UI".
Now to secure your API, within your AWS API Gateway configuration, create a Cognito Authorizer
Now secure an API endpoint by updating the "Method Request" of that method. You might need to refresh your browser to update the list of authorizers.
Re-deploy the API and test the endpoint. You now get the following response:
{"message":"Unauthorized"}
Let's get a token. Go back to the Cognito Hosted UI sign-in page and request a token by changing the "code" query string param to "token", because we'd like the Cognito service to return a token on successful login.
https://app2.auth.eu-west-1.amazoncognito.com/login?client_id=xxxxxxxxxxxx&response_type=token.....
On successful sign-in, an id_token and access_token will be returned in the URL. Retrieve the access_token.
To access the secure endpoint, we now need to provide the access token in the "Authorization" header:
GET https://xxxxxxxx.execute-api.af-south-1.amazonaws.com/dev
Authorization: vLnNpZ25pbi51c2Vy...
We now get the response:
{"message":"Welcome to My Secure API"}
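Before it lets a request through, the Cognito authorizer verifies the token's RS256 signature against the pool's JWKS and then checks its claims. The following is an added example (not code from this post or from AWS) of those claim checks, useful for spotting why a token is rejected or for validating tokens in a backend that sits behind the gateway. The region, user pool ID and app client ID are constructed placeholders; signature verification against the JWKS endpoint is deliberately left to a JWT library and is not performed here.

```python
import base64
import json
import time

# Constructed placeholder values, not a real pool or app client.
REGION = "eu-west-1"
USER_POOL_ID = "eu-west-1_EXAMPLE"
APP_CLIENT_ID = "xxxxxxxxxxxx"
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"
# The pool's public signing keys are published at ISSUER + "/.well-known/jwks.json";
# verify the RS256 signature with them before trusting any claim checked below.


def _b64url_decode(segment):
    segment += "=" * (-len(segment) % 4)  # restore the padding JWTs strip
    return base64.urlsafe_b64decode(segment)


def decode_claims(token):
    """Split a JWT and return its payload claims (no signature check here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def validate_cognito_claims(claims, expected_use, now=None):
    """Return a list of problems; an empty list means the claims pass.

    Mirrors what the API Gateway Cognito authorizer checks after the
    signature: issuer, expiry, token_use, and that the token was issued
    to our app client (access tokens carry client_id, ID tokens carry aud).
    """
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append("issuer is not our user pool")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if claims.get("token_use") != expected_use:
        problems.append(f"token_use is not {expected_use!r}")
    client = claims.get("client_id") if expected_use == "access" else claims.get("aud")
    if client != APP_CLIENT_ID:
        problems.append("token was issued to a different app client")
    return problems


def make_sample_token(claims):
    """Build a JWT-shaped string with a dummy signature for offline testing."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': 'example'})}.{enc(claims)}.dummysig"
```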
Done!