How can I authenticate my api gateway with cognito?

0
votes

I deployed REST API gateway on AWS and configure it as a http pass through to my website. When I open API gateway endpoint in browser, it will show my website which is expected.

Now I am going to authenticate API gateway endpoint with cognito and I have configured it by this instruction: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

So in API gateway, I added a authorizer and put cognito user pool with it.

enter image description here

what I am expecting is when open the API gateway endpoint in browser, it opens cognitor popup dialog to ask for username and password. But I can open the endpoint to view the website without any authentication. It seems configure the authorizer doesn't have any impact on my API. What did I do wrong?

1
amazon-web-servicesaws-api-gatewayamazon-cognito

1 Answers

1
votes

API gateway can't open cognito popup as you are accessing API and there is no application. You need to get authorization token separately and pass this token in Authorization header while calling API. Process is described in doc link that you have mentioned.

To call any API methods with a user pool enabled, your API clients perform the following tasks:

  1. Use the Amazon Cognito CLI/SDK or API to sign a user in to the chosen user pool, and obtain an identity token or access token.

  2. Use a client-specific framework to call the deployed API Gateway API and supply the appropriate token in the Authorization header.