2 Answers
0
Hi,
Please follow https://repost.aws/knowledge-center/api-gateway-cognito-401-unauthorized to troubleshoot your HTTP 401 error in your use case.
Best,
Didier
0
When you have scopes set on the COGNITO_USER_POOL Authorizer, can you confirm that all of the necessary scopes are present in your token when looking in jwt.io?
In your screenshots you have scopes requested for the implicit grant where you're passing an ID Token, and no scopes requested when using the Authorization grant flow and then using the Access Token. That seems reversed. When your API Gateway Cognito Authorizer has scopes set, you need to use the access token, and request those specific scopes via your Postman configuration.
answered a month ago
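A local check for the point made in the answer above, added here as an example and not part of the original answer: it decodes a token's claims without verifying the signature and reports whether the token type and scopes fit a method with authorization scopes set. The function names, the sample scope `example-api/read` and the sample tokens are constructed for illustration; the rule that one matching scope is enough, and that a method without scopes expects the ID token, reflects AWS's documented authorizer behaviour as I understand it.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(token: str, method_scopes: set) -> list:
    """Return a list of problems; an empty list means type and scopes fit."""
    claims = decode_claims(token)
    token_use = claims.get("token_use")  # Cognito sets this to "id" or "access"
    problems = []
    if method_scopes:
        # Scopes configured on the method: the access token is required.
        if token_use != "access":
            problems.append("token_use is %r; a scoped method needs the access token" % token_use)
        granted = set(claims.get("scope", "").split())
        if not granted & method_scopes:
            problems.append("token scopes %s contain none of %s"
                            % (sorted(granted), sorted(method_scopes)))
    elif token_use != "id":
        # No scopes configured: the token is treated as an ID token.
        problems.append("token_use is %r; a method without scopes expects the ID token" % token_use)
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for offline testing."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return "%s.%s.constructed-signature" % (header, b64url(json.dumps(claims).encode()))


# Constructed samples (hypothetical values, not real Cognito tokens).
METHOD_SCOPES = {"example-api/read"}
ID_TOKEN = make_sample_token({"token_use": "id", "aud": "example-client-id"})
ACCESS_OPENID_ONLY = make_sample_token({"token_use": "access", "scope": "openid"})
ACCESS_WITH_SCOPE = make_sample_token({"token_use": "access", "scope": "openid example-api/read"})

if __name__ == "__main__":
    for name in ("ID_TOKEN", "ACCESS_OPENID_ONLY", "ACCESS_WITH_SCOPE"):
        print(name, check_token(globals()[name], METHOD_SCOPES) or "OK")
```

The check only reads claims; it does not replace the signature, issuer and expiry validation the authorizer performs.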
Thank you for the suggestion. I have gone through this already. I have checked that:
- The decoded token issuer matches my Cognito pool.
- The token is not expired.
- redirect_url matches the App configuration - otherwise, I would not even be able to generate tokens.
- I checked the scope to include openid, and I see the same scope in the decoded token payload.
- There are no additional resource policies, because when I remove the Cognito authoriser from the API, I can reach it.