- 최신
- 최다 투표
- 가장 많은 댓글
When you define app client settings in your pool you can define which scopes the client will be allowed. The scopes you defined for your resources should appear under "Allowed Custom Scopes". In that case the clients will have not access to more scopes than what you defined. They could ask for it, but they will not get it.
There is also this article published in knowledge center that explains the process better end-to-end https://aws.amazon.com/premiumsupport/knowledge-center/cognito-custom-scopes-api-gateway/
Hi Farzan,
You could do what you want using Cognito user pools by defining app clients, Resource servers and scopes. You can then secure your apis in AWS API Gateway using CognitoUserPoolAuthorizer and previously defined scopes on resource methods.
Check https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html and https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
Thanks for your help.
But I think in that case my clients can ask for any scopes they want and I'm not able to control whether the requested scopes are accessible for them or not.
관련 콘텐츠
- AWS 공식업데이트됨 3년 전
- AWS 공식업데이트됨 2년 전