love that you don’t scrub the mistakes out of your videos. thats how real life goes, and i feel it’s important for those new to the industry to see their seniors working through mistakes. great video.
Great video! At this point 23:45, to avoid having to manually change from "code" to "token" in the redirect, you just have to select "Implicit grant" only when setting the OAuth 2.0 Auth Flow at 7:20!
Was stuck with this for a couple of hours now. Didn't realize that you need to deploy the API after making changes. This video really helped me. Thanks!
THANK YOU!!! I spent my entire day trying to figure out why I wasn't getting the id_token returned and it was because the URL i was using didn't have openid added to the URL!!!! I read every doc and stack overflow article I could find, thank you for making this video!! You got yourself another subscriber :D
Love this video! The only thing I've found different in my scenario is that passing the Authorization header won't work with the access token. It only works with the id token for some reason
BeABetterDev: Thanks for putting this video together. I followed the API Gateway Lambda one and this version with Cognito. The option is Cognito is much richer and I will be exploring it with my app. It is good that the video is also an actual workthrough with details and it was easy and nice to follow and I was able to replicate the results.
Hi I love the pace & no fluff! I have 2 questions: 1) Can you use user pool authorizers with federated ID integration (like with AzureAD)? User will be using SSO. and 2) does this remove the need/use-case for Lambda@Edge?
This video along with your RDS lambda integration video is pretty much all you need to get a robust web app going super quickly. Great content. EDIT: In case you ever read this, do you have any insight how you might apply RBAC with this strategy?
This was a brilliant tutorial. I have watched many videos from various people on youtube, udemy and you name it, I have been on the sites. Yet you talked in such a, lets get this done and ill show you manner instead of lots of talking but spoke about a process when needed was just great. I learned alot from this, thank you. I subbed and liked this video.
Thank you so much for your kind words Daryl. I always try to present my content in a relatable way that synthesizes the complexity of a topic into an easy to understand presentation. I'm glad you found this useful - and thank you for the kind words! Daniel
This video made me subscribe to your channel immediately. It's impressing how easy to understand from you, especially after spending hours on understanding nothing about the topic.
Thanks for this, just what I needed. Next, can you show how to provide access to user to a subset of lambda functions or APIs, instead of access to all?
If I understand correctly what you did is basically by writing token into the URL you switched from "Authorization code" grant to "Implicit" grant type. If you're using a URL that's outside of AWS and travels through the web use code instead and use the Token endpoint of the identity provider (in this case Cognito), to get a token in the Body, and post it as a header in the HTTP Request, not as the part of the URL itself.
23:49 I guess you don't have to do that manually if you allow only the 'Implicit grant' when you check the 'Allowed OAuth Flows' section at 7:25 which would set the response_type to token automatically. But, this is not suggested unless you're using a Single Page App without any backend
Great explanations!! One question, on authorizer test , you used Token id but calling the api path from Postman you put in header the access token instead. Whats the difference and why each one needed in the corresponding scenario?
Currently running into issues trying to adapt this to the "HTTP API" on API Gateway to use Cognito User Pools as an authorizer but stumbling on the step about JWT as a source. I'll fumble my way through it and I wanted to say that I am grateful your content getting me this far. Authorizing the new HTTP API Gateway could be another idea for content if that's something to add to your list of content ideas. Thanks for the high quality content though ^_^
Hey josh, Have you tried taking a look at my video on HTTP APIs in API Gateway? I think you can possibly combine the content from this video and the one below. th-cam.com/video/M91vXdjve7A/w-d-xo.html Hope this helps. Daniel
@@BeABetterDev thanks for the reply. I managed to fumble my way through it with this video th-cam.com/video/o7OHogUcRmI/w-d-xo.html The one you just linked me, filled in some gaps for me about logging and cloud watch. 👏 Thanks again for all of your content. I’ve smashed the like 👍 button on all the videos that I have watched (to feed the algorithm).
Daniel excellent. Covered much in the 30 minutes. I am a bit confused about JWT Id Token vs Access Token which one to use in the Authorization Header. While testing the Cognito UserPool you have used JWT Token vs While testing the API used Access Token.
So nice video, I love it, can I ask to get the token, you ammend the URL from code to token, however if my user wants to get this value programmatically, how they would do that?
This video is amazing! Very generous of you to take time and publish this for public viewing. Just out of curiosity is it possible for a user to login via the HostedUI and then have access to api gateway via the browser? If you don't have tech savy customers they likely don't want to access the API via Postman but would prefer to just login and have access, any chance if you know this is possible ? Thanks so much again :)
Hi Jonathan, Hm, I don't think this is possible using any out of the box tools unfortunately. Sorry to share the bad news. I think it wouldn't be too much work to create a simple React app with a couple input boxes / text areas to call the corresponding UI once logged in. Thanks so much for the kind words! Daniel
Thanks for the great video! I'd gotten past the initial login step just fine but had no idea what to do with the tokens passed back. Got a bit of template work to do linking the Lambdas/Gateway/Cognito but it should be easy peasy thanks to your demo.
Hi, thanks for making this, it was super helpful, and well explained I was able to get everything from the tutorial working, but once the lambda is called, I'd like to access the cognito user id so that I can update user specific information. I was hoping that apigateway would pass along the user id and/or token over to lambda, but it doesn't. How would you handle this? EDIT: Figured it out, I had to check the "Use Lambda Proxy Integration" at 17:46. Then all the header/query info become available through the lambda event variable
When I test the authorizer it works. When I call the lambda function from Postman I get {"message":"Unauthorized"}. I pass the same token in the Authorization header. Also I get "Unable to interpret authorizer type of COGNITO_USER_POOLS" when I run "aws apigatewayv2 get-authorizers"
I am confused with the ending of the video. Postman just tests the request? How would I go from here so that each endpoint accepts the user with the Key and Value he shows in postman? Will it be done programmatically? Via AWS?
Great video. I think there's a little change in the way the authorization token is validated in the api gateway, in order to send a request using postman make sure you send the token using the Authorization tab and selecting "Bearer " on the dropdownlist. Do not include the token on the URL as this will not be correctly authorized by api gateway.
love that you don’t scrub the mistakes out of your videos. thats how real life goes, and i feel it’s important for those new to the industry to see their seniors working through mistakes. great video.
Mistakes happen in real life! Its important to see the whole process :D
Great video!
At this point 23:45, to avoid having to manually change from "code" to "token" in the redirect, you just have to select "Implicit grant" only when setting the OAuth 2.0 Auth Flow at 7:20!
Thank you:)
Thank you so much
Thank you.
Who were those with 5 downvotes?
Perhaps this was one of the best and easiest tutorials to understand the concepts.
Was stuck with this for a couple of hours now. Didn't realize that you need to deploy the API after making changes. This video really helped me. Thanks!
You're very welcome!
THANK YOU!!! I spent my entire day trying to figure out why I wasn't getting the id_token returned and it was because the URL i was using didn't have openid added to the URL!!!! I read every doc and stack overflow article I could find, thank you for making this video!! You got yourself another subscriber :D
Hi Jake,
Super glad I was able to help you out. Thanks so much for the kind words and welcome to the channel!
Daniel
I had clicked “like” even before watching this guy’s video.
Thank you so much for your support!
I thumbs up your comment before liking and watching the video. This comments is all I needed to know 😂
Mind blown... Was looking for exactly this. Fantastic.
Glad you enjoyed Rohit!
this just saved a ton of time. Forgot to deploy API and was using the test URL or some shit. Thanks bro
You're very welcome Scott! I've been bitten by that problem too many times.
You're an absolute mad lad! saved me hours of reading docs lol
You're very welcome Cachuela!
Thanks. I was waiting to see at the end the web page with the fields requesting for username and pw
Love this video! The only thing I've found different in my scenario is that passing the Authorization header won't work with the access token. It only works with the id token for some reason
BeABetterDev: Thanks for putting this video together. I followed the API Gateway Lambda one and this version with Cognito. The option is Cognito is much richer and I will be exploring it with my app. It is good that the video is also an actual workthrough with details and it was easy and nice to follow and I was able to replicate the results.
Glad this was helpful!
Hello. Thank you so much. This step by step video is a gold mine !
You're very welcome Sebastien!
Hi I love the pace & no fluff! I have 2 questions: 1) Can you use user pool authorizers with federated ID integration (like with AzureAD)? User will be using SSO. and 2) does this remove the need/use-case for Lambda@Edge?
This video along with your RDS lambda integration video is pretty much all you need to get a robust web app going super quickly. Great content.
EDIT: In case you ever read this, do you have any insight how you might apply RBAC with this strategy?
This was a brilliant tutorial. I have watched many videos from various people on youtube, udemy and you name it, I have been on the sites. Yet you talked in such a, lets get this done and ill show you manner instead of lots of talking but spoke about a process when needed was just great. I learned alot from this, thank you. I subbed and liked this video.
Thank you so much for your kind words Daryl. I always try to present my content in a relatable way that synthesizes the complexity of a topic into an easy to understand presentation. I'm glad you found this useful - and thank you for the kind words!
Daniel
Thank you for your videos. They are amazing, the notification is enabled in order to receive news content 😀
Thanks Cas!
This video made me subscribe to your channel immediately. It's impressing how easy to understand from you, especially after spending hours on understanding nothing about the topic.
thanks u! I get stuck until get your video!
Glad I was able to help Long!
Thanks for great practical explanation! Very useful video.
Glad it was helpful!
This is amazing, this helps me a lot in building side projects user authentication!!
I want to thank you! This lesson was really helpful and straightforward. Congratulations!
You're very welcome Ricardo! Thanks for the kind words!
Thank you for the well explaination of the Cognito and the demo.. It worked smoothly for me following the steps you mentioned..
Bhai aapne balle balle karwa di!
amazing video, just right speed and right contents for api security with AWS
love this video, more on serverless architecture pls
Thanks Dee, more coming soon!
thank you very much, that's just what i needed
Top man! Thank you for creating this - and including the fail! lol
You're very welcome! The fails just adds to the realism :P
Cheers
@@BeABetterDev Hi 👋 Do you have a video walking through adding a cognito user to a dynamodb?
Thanks for making the tutorial video. This video helps me a lot.
Exactly what I was looking for. Thanks! You just got yourself another sub
Thanks Tonislav and welcome to the channel!
Excellent video
Thank you very much Fahim!
Could your make a Identity Pool video of how to set different users have different API permissions
Dude, this video is gold. Thank you 🙏
thank youuuu for this tutorial. Helped me a lot!!
You're very welcome!
Thanks for this, just what I needed. Next, can you show how to provide access to user to a subset of lambda functions or APIs, instead of access to all?
Great video its really helps me to secure apigateway with cognito userpool
Thank you so much
Very welcome
If I understand correctly what you did is basically by writing token into the URL you switched from "Authorization code" grant to "Implicit" grant type. If you're using a URL that's outside of AWS and travels through the web use code instead and use the Token endpoint of the identity provider (in this case Cognito), to get a token in the Body, and post it as a header in the HTTP Request, not as the part of the URL itself.
Freaking amazing video!! Kudos for u! Learned a lot!
You're very welcome Rodrigo!
Great work! I have learnt a lot from your video. Thank you and all the best :)
23:49 I guess you don't have to do that manually if you allow only the 'Implicit grant' when you check the 'Allowed OAuth Flows' section at 7:25 which would set the response_type to token automatically. But, this is not suggested unless you're using a Single Page App without any backend
Actually practical thanks a lot. This has helped me a lot.
you're a king
Any chance of a refresher video using the latest version of cognito and API gateway?
Great explanations!! One question, on authorizer test , you used Token id but calling the api path from Postman you put in header the access token instead. Whats the difference and why each one needed in the corresponding scenario?
Nicely explained! Even I understand it. :) Thank You!
Thanks etseale! Glad you enjoyed :)
thanks for that.. Hard to find someone going through custom domain in cognito..
Nicely explained
Awesome Man, Thanks for the hard way tip!! 😇😇
Awesome video, thanks bud!
You're very welcome Tasleem!
Amazing job,man. THANK YOU SO MUCH
Thanks for great explanation !
You are welcome!
This was awesome, but could you show how I could get from curl/Postman how to get the access token?
This was great! awesome job Daniel!
Thanks Craig! Glad you enjoyed :)
Awesome explanation
Superb video, great stuff many thanks for posting
This was so helpful--thanks a ton!
You're very welcome!
You are the best bro, thanks.
Thanks Jasu!
Currently running into issues trying to adapt this to the "HTTP API" on API Gateway to use Cognito User Pools as an authorizer but stumbling on the step about JWT as a source. I'll fumble my way through it and I wanted to say that I am grateful your content getting me this far. Authorizing the new HTTP API Gateway could be another idea for content if that's something to add to your list of content ideas. Thanks for the high quality content though ^_^
Hey josh,
Have you tried taking a look at my video on HTTP APIs in API Gateway? I think you can possibly combine the content from this video and the one below.
th-cam.com/video/M91vXdjve7A/w-d-xo.html
Hope this helps.
Daniel
@@BeABetterDev thanks for the reply. I managed to fumble my way through it with this video th-cam.com/video/o7OHogUcRmI/w-d-xo.html
The one you just linked me, filled in some gaps for me about logging and cloud watch. 👏
Thanks again for all of your content. I’ve smashed the like 👍 button on all the videos that I have watched (to feed the algorithm).
Thanks so much Josh! I'm glad you were able to work through it and appreciate the support! Thanks again and stay safe :)
Thanks a lot! Great explanation.
You're very welcome Pakito!
Daniel excellent. Covered much in the 30 minutes. I am a bit confused about JWT Id Token vs Access Token which one to use in the Authorization Header. While testing the Cognito UserPool you have used JWT Token vs While testing the API used Access Token.
Simple and super video...
Thank you!
Thanks, this is just an excellent tutorial !!!
Thanks V! Glad you enjoyed :D
Cool! awesome demo and great explanation.
Thanks Erick! Glad you enjoyed.
This is gold. Thanks man
You're very welcome Dek!
Thank you sir. Very helpful. You should ask for a raise. :)
Haha thanks megatron!
So nice video, I love it, can I ask to get the token, you ammend the URL from code to token, however if my user wants to get this value programmatically, how they would do that?
Nice explanation. Thank you
Thanks bro, nice video. Highly appreciate it.
Masterclass. Thank you 🙏🚀
You're very welcome Torey!
Excellent! Thanks so much!
you are a god.
thanks!
Thank you very much, this video helped me a lot.
You're welcome!
This video is amazing! Very generous of you to take time and publish this for public viewing. Just out of curiosity is it possible for a user to login via the HostedUI and then have access to api gateway via the browser? If you don't have tech savy customers they likely don't want to access the API via Postman but would prefer to just login and have access, any chance if you know this is possible ? Thanks so much again :)
Hi Jonathan,
Hm, I don't think this is possible using any out of the box tools unfortunately. Sorry to share the bad news. I think it wouldn't be too much work to create a simple React app with a couple input boxes / text areas to call the corresponding UI once logged in.
Thanks so much for the kind words!
Daniel
@@BeABetterDev i guess this answers my question.....
Thanks bro you saved me!!!!!!!! great video
Thanks for the great video! I'd gotten past the initial login step just fine but had no idea what to do with the tokens passed back. Got a bit of template work to do linking the Lambdas/Gateway/Cognito but it should be easy peasy thanks to your demo.
So nice & useful...
Very nice tutorial bro!
very helpful. Thanks a lot
You're very welcome!
Would love this in Terraform instead of the UI so that can examine the details in GitHub or something.
thank you very much bro i want to like that video 100000000 time
You're very welcome!
helpful video, thanks.
You're welcome!
Thank you for the lesson)
OMG...yes i need this useful video...
Thank you! Hope you enjoy :)
Excellent
Thanks a lot, you saved my day
This was great! Thanks a lot.
Now I just need to figure out how to IaC this with Terraform!
You're very welcome! For IaC, check out CDK! It can compile down to Terraform!
How can we give access to a specific API to a user using the cognito authorizer?
Hi, thanks for making this, it was super helpful, and well explained
I was able to get everything from the tutorial working, but once the lambda is called, I'd like to access the cognito user id so that I can update user specific information. I was hoping that apigateway would pass along the user id and/or token over to lambda, but it doesn't. How would you handle this?
EDIT: Figured it out, I had to check the "Use Lambda Proxy Integration" at 17:46. Then all the header/query info become available through the lambda event variable
Hi Arend, just got to this comment now - I see you got your question answered, glad to see. Thanks so much for the kind words and glad I could help!
Helped me a lot. Thank you!
Muy agradecido! Gracias!
You're very welcome Moises!
When I test the authorizer it works. When I call the lambda function from Postman I get {"message":"Unauthorized"}. I pass the same token in the Authorization header. Also I get "Unable to interpret authorizer type of COGNITO_USER_POOLS" when I run "aws apigatewayv2 get-authorizers"
Thanks!
I am confused with the ending of the video. Postman just tests the request? How would I go from here so that each endpoint accepts the user with the Key and Value he shows in postman? Will it be done programmatically? Via AWS?
Great job. Please do you offer mentorship program. I need to lean more on AWS infrastructure projects
genius, brilliant
thank you
Good demo
Thanks.
Great video. I think there's a little change in the way the authorization token is validated in the api gateway, in order to send a request using postman make sure you send the token using the Authorization tab and selecting "Bearer " on the dropdownlist. Do not include the token on the URL as this will not be correctly authorized by api gateway.
Can you explain this a little more, please?
thank you for this video
You're very welcome Zanele!