AWS API Gateway Authorizer + Cognito user pool does not work {"message": "Unauthorized"}

I am trying to use the AWS API Gateway Authorizer with a Cognito user pool. It works fine when I test using the aws api gateway console.

But when I try to enable authorization in the API, it says "message": "Unauthorized". Please check the screenshots below.

API Gateway Console Screenshot - This Works Great

Postman screenshot - not working

Can someone help please.

For your information, I followed the instructions given here http://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

+9
5 answers

I tried Mathias's solution and at first it didn't work. Oddly enough, I came back to it after a few hours and tried again, and this time made some other changes to my API gateway before deploying the API. This time it worked, although the other changes that I made were superficial.

Also, as is often the case, AWS docs are erroneous, stating that you should use method.response.header.Authorization. This is only true for Lambdas using custom auth. You really should only use Authorization here when using the new Cognito user pool authorizer.

  • Use Authorization not method.response.header.Authorization
  • Make a surface change to your resource in the API gateway
  • Expand your API and wait a second

- change -

I just converted my stack to CloudFormation and found out that if you use CloudFormation to deploy the Authorizer, you really need to specify the full method.response.header.Authorization for the token source. In fact, stack deployment will fail if you do not use this format. However, after deployment, if you look at the Authorizer in the console, it will lose the method.response.header part.

+4

I had the same problem as you, and realized that I had entered the wrong token source.

Under <your API> -> Authorizers -> Token Source, enter the name of the HTTP header in which the API gateway should look for the token (in your case, Authorization).

Save it and remember to deploy it before testing it.

+2

In my case, the authorization code should be id_token. I made the mistake of using access_token instead.

+2
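A way to check which token a client is about to send, as an added example that is not part of the original thread: it decodes the JWT payload without verifying the signature and reads the `token_use` claim that Cognito sets to `id` or `access`. It goes beyond the answer above by also checking `iss` and `exp`; the issuer value, the `make_token` helper and the sample tokens are constructed placeholders, and the expectation of an ID token follows that answer's setup.

```python
import base64
import json
import time

# Placeholder issuer; the real one is https://cognito-idp.<region>.amazonaws.com/<userPoolId>
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"


def make_token(claims):
    """Build an unsigned, constructed JWT for the demo (not a real Cognito token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "constructed"}), enc(claims), "c2ln"])


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (debugging only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def preflight(header_value, expected_issuer, now=None):
    """List the reasons this Authorization header value would likely get a 401."""
    now = time.time() if now is None else now
    try:
        claims = jwt_claims(header_value)
    except ValueError:  # also covers base64 and JSON decoding errors
        return ["header value is not a JWT"]
    problems = []
    if claims.get("token_use") != "id":
        problems.append(f"token_use is {claims.get('token_use')!r}, expected 'id'")
    if claims.get("iss") != expected_issuer:
        problems.append("iss does not match the authorizer's user pool")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems


# Constructed sample tokens: same pool and expiry, different token_use.
ID_TOKEN = make_token({"token_use": "id", "iss": ISSUER, "exp": 2000})
ACCESS_TOKEN = make_token({"token_use": "access", "iss": ISSUER, "exp": 2000})

if __name__ == "__main__":
    for name, tok in (("id_token", ID_TOKEN), ("access_token", ACCESS_TOKEN)):
        print(name, preflight(tok, ISSUER, now=1000) or "looks acceptable")
```

This is a client-side diagnostic only; the authorizer itself still validates the signature against the user pool's keys.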

I had the same problem; the solution was just to redeploy the project.

0

The following steps solved the problem for me. In short, there seems to be a bug in the AWS API Gateway. You can fix this by redeploying the API:

  1. Change the request validator from NONE to Validate Body
  2. Actions → Deploy API → select the stage where you want to deploy it.
  3. Change the request validator from Validate Body to NONE
  4. Repeat step 2.

0

Source: https://habr.com/ru/post/1272014/