Reputation: 879
Authorizing AWS API Gateway requests from token in query string
I have API Gateway set up with a Cognito authorizer that correctly authorizes any request with the id token in the header.
This is fine when requests are XHR based as I can add the header when preparing the request. However I can't add this when using <audio src="http://api-gateway/..."> which is made directly by the browser.
The best I can do is append the token in the querystring (?token=...) but Cognito only accepts tokens in the headers.
Is there any way to get Cognito to authorize requests when they come from HTML/CSS?
Upvotes: 2
Views: 827
Answers (1)
Reputation: 9030
Unfortunately API Gateway does not support security tokens in query string or path parameters. I do not see this changing in the short term so would recommend replacing any hardcoded HTML elements with appropriate JS client code.
Upvotes: 3
Related Questions
- API Gateway Cognito Authorizer not authorizing Access Token but will authorize Id Token: 401 Unauthorized
- How to get validate Cognito Access Token in AWS Lambda to allow Gateway API call?
- AWS API-Gateway Cognito Authorizer not working with a valid Token
- AWS API Gateway Authorizer using Cognito Identity Pool
- API Gateway Authorizer Accepts ID_token But Not Access_Token
- AWS Cognito + API Gateway, Authorize based on username
- How to generate access token for an AWS Cognito user?
- access AWS API gateway using access token from identityserver
- How to pass Cognito token to Amazon API Gateway?
- How do I use AWS cognito response to authenticate API requests