【以下的问题经过翻译处理】 使用Cognito的API Gateway HTTP要求在Authorization标头中包含JWT令牌。这在使用Swagger Editor进行测试时可能会带来问题,因为Swagger Editor在Authorization标头中默认包含"Bearer"关键词。是否有一种方法可以配置API Gateway以接受带有"Bearer"关键词的JWT令牌呢?
OpenAPI 模版:
securitySchemes:
AwsOAuth2:
type: oauth2
flows:
implicit:
authorizationUrl: https://auth.ourdomain.com/login
scopes:
aws.cognito.signin.user.admin: Gives you access to all the User Pool APIs that can be accessed using access tokens alone
email: Grants access to the email and email_verified claims. This scope can only be requested with the openid scope.
openid: Returns all user attributes in the ID token that are readable by the client. The ID token is not returned if the openid scope is not requested by the client.
phone: Grants access to the phone_number and phone_number_verified claims. This scope can only be requested with the openid scope.
profile: Grants access to all user attributes that are readable by the client. This scope can only be requested with the openid scope.
x-amazon-apigateway-authorizer:
identitySource: "$request.header.Authorization"
jwtConfiguration:
audience:
- "xxxxxxxx"
issuer: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_xxxxxxx"
type: "jwt"
security:
- AwsOAuth2: []
在 OpenAPI Swagger 编辑器中生成以下 curl 请求:
curl -X 'GET' \
'https://api.ourdomain.com/0.5/app-user/heyho' \
-H 'accept: application/json' \
-H 'Authorization: Bearer eyJraWQiOiJ1aVcwc3Exxxxxxxxxxxx'
问题在于,当与Cognito集成时,这种带有Bearer的标头将被API Gateway HTTP拒绝。它要求像这样的标头(不包含Bearer):
-H 'Authorization: eyJraWQiOiJ1aVcwc3Exxxxxxxxxxxx'