Access to an AWS API Gateway with Cognito connected with Facebook in JavaScript

Question

I am trying to access to my AWS API Gateway from a user connected with Facebook.

First, I tried to use a Cognito with a simple userpool (without Facebook login), my user can login by sending a username and a password, Cognito send me back an accessToken that I use to go through the autorizer of my API and then access to my controller. Everything works fine.

Then, I wanted to connect to my API using Facebook. So I did this:

AWS.config.region = 'eu-west-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: {myIdentityPoolId},Logins: {
           'graph.facebook.com': {myFacebookToken}
         }
    });

AWS.config.credentials.get(function(err) {
    if (err)
        console.log(err);
    else {
        console.log("Cognito accessKeyId ", AWS.config.credentials.accessKeyId);
        console.log("Cognito secretAccessKey ", AWS.config.credentials.secretAccessKey);
        console.log("Cognito sessionToken ", AWS.config.credentials.sessionToken);
        console.log("Cognito Identity Id ", AWS.config.credentials.identityId);
    }
 });

Everything seems to be fine, I received the accessKeyId, secretAccessKey, sessionToken, an identity ID, but what am I suposed to do then to access to my API.

In the configuration of my API I cannot create a Authorizer only with a userpool but not with a the federated entities.

Actually I don't understand the purpose of federated entities. If someone could help me or give me a basic example of a facebook connection that would be great.

Thanks !

Answer 1

This question has been answered quite precisely in this post. As mentioned there, you will have to use IAM_AUTH in API Gateway, and sign your requests with tokens you get from Cognito Identity. More information on how to sign requests is here.

Thanks! Ritisha.