Postman connection to API Gateway with Cognito


I have been trying to figure out how to connect to an AWS API Gateway that has a Cognito Authoriser for a long time and I cannot figure it out. Here are the steps that I have tried. I have set up the Cognito user pool and attached it to the Authoriser. With Postman I managed to get the ID token and Access token and I can decode them using JWT.io and see the information in the token. I have tried with Postman to use Implicit grant and successfully received the token, and I have also tried Authorization code and also successfully received both ID and Access tokens.

I have tried setting the scopes on the API Endpoint and removing them from the API endpoint. I have tried Cognito Application Integration of a new app with Client Secret and Without Client Secret. And no matter what I try, I still cannot access the API and any token I try is not validated against the Authoriser.

Authorisation Failure (screenshots of the Postman and API Gateway configuration not included)

2 Answers

Hi,

Please follow https://repost.aws/knowledge-center/api-gateway-cognito-401-unauthorized to troubleshoot your HTTP 401 error in your use case.

Best,

Didier

AWS EXPERT
answered a month ago
reviewed a month ago by an AWS EXPERT
  • Thank you for the suggestion, I have gone through this already. I have checked that:
    - The decoded token issuer matches my Cognito pool
    - The token is not expired
    - redirect_url matches the App configuration (otherwise I would not even be able to generate tokens)
    - I checked the scope to include openid, and I see the same scope in the decoded token payload
    - There are no additional resource policies, because when I remove the Cognito authoriser from the API, I can reach it.


When you have scopes set on the COGNITO_USER_POOL Authorizer, can you confirm that all of the necessary scopes are present in your token when looking in jwt.io?

In your screenshots you have scopes requested for the implicit grant where you're passing an ID Token, and no scopes requested when using the Authorization grant flow and then using the Access Token. That seems reversed. When your API Gateway Cognito Authorizer has scopes set, you need to use the access token, and request those specific scopes via your Postman configuration.

AWS
answered a month ago
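The second answer's point (a COGNITO_USER_POOL authorizer with scopes configured only accepts an access token whose `scope` claim carries those scopes, and an ID token has no `scope` claim at all) is easy to check offline before blaming the gateway. The script below is an added diagnostic, not code from the question or from AWS: it decodes the payload of a JWT the way jwt.io does and reports the same things the authorizer would reject on (issuer, expiry, `token_use`, missing scopes). The issuer URL, the resource-server scope and the three sample tokens are constructed here; the tokens are unsigned, so signature verification (which the real authorizer performs against the user pool's JWKS) is deliberately out of scope for this check.

```python
import base64
import json
import time


def _b64url(data: bytes) -> str:
    """base64url without padding, as used in JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build a header.payload. string with an empty signature (constructed test data only)."""
    header = {"alg": "none", "typ": "JWT"}  # placeholder header, never accepted by Cognito
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()),
                     ""])


def decode_payload(token: str) -> dict:
    """Return the claims of a JWT without verifying its signature (same as pasting it into jwt.io)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def authorizer_problems(token: str, expected_issuer: str, required_scopes, now=None) -> list:
    """List the reasons a Cognito user-pool authorizer would return 401 for this token.

    required_scopes is the list of OAuth scopes configured on the API Gateway method
    (empty list = no scopes configured, in which case an ID token is acceptable too).
    """
    now = time.time() if now is None else now
    claims = decode_payload(token)
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append(f"issuer {claims.get('iss')!r} does not match the user pool")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if required_scopes:
        # With scopes on the authorizer only an access token can satisfy them:
        # the ID token carries identity claims but no `scope` claim.
        if claims.get("token_use") != "access":
            problems.append(f"token_use is {claims.get('token_use')!r}; scope checks need an access token")
        granted = set(claims.get("scope", "").split())  # Cognito uses a space-separated string
        missing = set(required_scopes) - granted
        if missing:
            problems.append("missing scopes: " + ", ".join(sorted(missing)))
    return problems


# Constructed sample values (assumptions, not taken from the question)
ISSUER = "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE"
API_SCOPES = ["openid", "https://api.example.com/orders.read"]  # scopes set on the API method
FUTURE = 4102444800  # 2100-01-01 UTC, keeps the sample tokens unexpired

ID_TOKEN = make_unsigned_jwt({"iss": ISSUER, "token_use": "id", "exp": FUTURE,
                              "cognito:username": "alice", "email": "alice@example.com"})
ACCESS_TOKEN = make_unsigned_jwt({"iss": ISSUER, "token_use": "access", "exp": FUTURE,
                                  "client_id": "abc123example",
                                  "scope": "openid https://api.example.com/orders.read"})
# Access token obtained without requesting the resource-server scope in Postman
ACCESS_TOKEN_NO_API_SCOPE = make_unsigned_jwt({"iss": ISSUER, "token_use": "access", "exp": FUTURE,
                                               "client_id": "abc123example", "scope": "openid"})

if __name__ == "__main__":
    samples = [("ID token", ID_TOKEN),
               ("access token", ACCESS_TOKEN),
               ("access token without API scope", ACCESS_TOKEN_NO_API_SCOPE)]
    for name, tok in samples:
        probs = authorizer_problems(tok, ISSUER, API_SCOPES)
        print(f"{name}: {'OK' if not probs else '; '.join(probs)}")
```

Paste the real token from Postman in place of the constructed ones and set `ISSUER` to the `iss` value your pool issues; if the only complaint is `token_use` or missing scopes, the fix is on the Postman side (use the access token and request the scopes the method requires), not on the authorizer.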
