Serverless authorizer as AWS user pool

1
votes

I'm trying to limit access on a service endpoints to a specific user pool (ie admin).

From my understanding of the documentation (https://serverless.com/framework/docs/providers/aws/events/apigateway/) this should be possible by setting

get:
  handler: functions/get.main
  events:
    - http:
        path: /
        method: get
        cors: true
        authorizer: "arn:aws:cognito-idp:eu-west-2:####:userpool/eu-west-2_xET8A8Kui"

Deploys fine and appears correctly in the API gateway for this endpoint

screen shot of API gateway

Problem is any calls via AWS Amplify (React integration) to the API result in a 401 error! If I put the authorizer back to aws_iam it works fine.

Where can I even begin to debug this? I can't find any specific logs or reason why this is failing.

2
amazon-web-servicesaws-api-gatewayamazon-cognitoserverless

2 Answers

1
votes

How you have things setup should work (I have that working - just a User Pool).

You will need to pass the idToken you received from your Amplify auth call in the Authorization header:

Authorization: Bearer eyJraWQiOiJ4T2NLWG5GakljWE...

Make sure to use the idToken, not the accessToken.

0
votes

Last time I checked amplify only supported IAM Auth not user pool auth. You can use an identity pool with your user pool and still use IAM via your user pool.