Secure the AWS API Gateway with Cognito User Pools & Cognito Authorizer
ฝัง
- เผยแพร่เมื่อ 22 มี.ค. 2023
- By default your API Gateway endpoints are not secured so anyone with the link can access it. In a real world scenario you would want to secure them so your users first need to authenticate and provide a token so they can be authorized.
One of the services you could use for managing your users and the sign-up/sign-in flows is Amazon Cognito. In this video I am going to show you how to set up this whole flow, creating a User Pool, signing up and signing in users, then getting the id_token and provide this to the API Gateway, in the Authorization header.
Also we're going to setup the Cognito Authorizer in API Gateway which will handle this authorization flow.
If you liked this video please click on the like button! There's a new video on Majestic.cloud once a week so if you want to stay updated and don't want to miss any new videos then please subscribe to the channel!
Visit the site: majestic.cloud
Follow me on Twitter:
/ lacisoft (László)
/ cloud_majestic (Majestic.cloud)
Follow on Facebook: / majesticcloudcomputing - วิทยาศาสตร์และเทคโนโลยี
Thank you so much. Your content helped me
Thanks for this video. Saved me a ton of time
Glad it helped
Question: What's the access token for? Can you use that instead of the id token?
Great Video! Thanks a lot, but how can I have the data used in registration ex email be used and saved in the backend which is also a lambda
Hello, how can I use this without the hosted UI at all?
Hi! I have one question, though. Requests to the API work fine from Postman once I've added the Cognito authorizer. But I'm now getting a CORS error when calling the api from my localhost. Do you have any suggestions? Thank you
Postman is not a browser so it doesn't enforce CORS policy. However in other places such as a browser you might have CORS enforcement. So you need to enable CORS headers (Access-Control-Allow-Origin) in API Gateway so they are returned with every response.
Very helpful. The cognito documentation is very bad at showing how to actually get a token.
Good.
What if a Lambda Function is returning HTML Code. How to authenticate that? In simple words, if the Authentication Header is not present or is not valid, how to redirect to the Cognito UI?
hey, have you figured out the approach to achieve this with cookies?
Thanks!
You're welcome and thank you too!
Good