1
votes

I would like my client application to insert records in my DynamoDB instance using API Gateway secured with Cognito user pools.

I have created my user pool and added it as an authorizer to my API Gateway method call. Using the AWS CLI, I ran the following command, which gave me my access token:

aws cognito-idp initiate-auth ...

My infrastructure seems to be working. Now, which direction do I need to go to pragmatically achieve signing in as my user in the user pool, grabbing the token and calling my API method?

1 Answer

2
votes

Well, it's not difficult. You need to follow certain steps.

  1. Create a user in the Cognito user pool. Confirm it by means of the activation message you have chosen. It can be SMS or email, as per the user pool settings.

  2. After you confirm the user, you need to call the login API from the Cognito SDK. Since I am comfortable in NodeJS, let me grab the method name - https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html. Set AuthFlow to ADMIN_NO_SRP_AUTH. The response from this API will have one idToken, one accessToken and one refreshToken. Since you need these credentials at your client, write an API in your preferred language, expose it to your client and return the tokens.

  3. Use the idToken to make API calls to your API Gateway Authorizer. This is how you pass the token using Postman -

enter image description here

You can replicate the same using any client. If you face any error, it'd be better if you show me your APIG authorizer configuration.
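
The sign-in, token and API call steps from the answer above as one client-side flow, added here as an example and not part of the original answer. It calls InitiateAuth directly with the USER_PASSWORD_AUTH flow rather than the answer's ADMIN_NO_SRP_AUTH behind a backend API; the config values, the function names, the injectable fetchImpl parameter and the use of the Authorization header as the authorizer's token source are assumptions.

```javascript
// Added example. Assumes Node 18+ and an app client with USER_PASSWORD_AUTH enabled, no client secret.
function buildInitiateAuthRequest({ region, clientId }, username, password) {
  return {
    url: `https://cognito-idp.${region}.amazonaws.com/`,
    init: {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-amz-json-1.1',
        'X-Amz-Target': 'AWSCognitoIdentityProviderService.InitiateAuth',
      },
      body: JSON.stringify({
        AuthFlow: 'USER_PASSWORD_AUTH',
        ClientId: clientId,
        AuthParameters: { USERNAME: username, PASSWORD: password },
      }),
    },
  };
}

// Decodes claims WITHOUT verifying the signature: a client-side sanity check only.
// The API Gateway authorizer does the real validation.
function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Lists reasons this token is not a usable ID token for the given pool and client.
function idTokenProblems(jwt, { region, userPoolId, clientId }, nowSec = Date.now() / 1000) {
  const c = decodeClaims(jwt);
  const issuer = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`;
  const problems = [];
  if (c.token_use !== 'id') problems.push(`token_use is "${c.token_use}", expected "id"`);
  if (c.aud !== clientId) problems.push('aud does not match the app client id');
  if (c.iss !== issuer) problems.push('iss does not match the user pool');
  if (!(c.exp > nowSec)) problems.push('token is expired');
  return problems;
}

// Sign in, check the ID token, call the API. Assumes the token source is the Authorization header.
async function signInAndCall(cfg, username, password, apiUrl, item, fetchImpl = fetch) {
  const { url, init } = buildInitiateAuthRequest(cfg, username, password);
  const authRes = await fetchImpl(url, init);
  const auth = await authRes.json();
  if (!authRes.ok) throw new Error(`sign-in failed: ${auth.__type}: ${auth.message}`);
  if (!auth.AuthenticationResult) throw new Error(`challenge required: ${auth.ChallengeName}`);
  const problems = idTokenProblems(auth.AuthenticationResult.IdToken, cfg);
  if (problems.length) throw new Error(problems.join('; '));
  const headers = { 'Content-Type': 'application/json', Authorization: auth.AuthenticationResult.IdToken };
  return fetchImpl(apiUrl, { method: 'POST', headers, body: JSON.stringify(item) });
}
```

The token_use check catches the common mistake of sending the access token, which a Cognito authorizer without configured scopes rejects.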