Patrick

Reputation: 8083

Authentication with Lambda and AWS Cognito

After days of trial and error, I finally managed to get signin/signup working in VueJS with AWS Cognito. I have an idToken and accessToken and would like to pass that on to my Lambda function.

I read something about the API Gateway, which has options for authentication, but there's no simple explanation of how this all works together.

Any suggestions or hints on how to move forward?

Upvotes: 0

Views: 12762

Answers (3)

Haribk

Reputation: 189

If you are looking for how to access the authenticated user identity inside the invoked Lambda function, you can do so by:

  1. Enabling Lambda proxy integration when creating the method.
  2. Now you can access the user identity from the event as: event["requestContext"]["authorizer"]["claims"]

Upvotes: 0
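The lookup described in the answer above, as an added example that is not part of the original answer: a Python handler behind Lambda proxy integration that takes the user identity only from the claims API Gateway places in the request context, and fails closed when they are missing. It goes one step beyond the answer by also reading the `jwt.claims` location used by HTTP API JWT authorizers. The names `get_claims`, `handler` and `SAMPLE_EVENT`, and all sample values, are constructed for illustration.

```python
import json


def get_claims(event):
    """Return the claims set by the API Gateway authorizer, or None."""
    authorizer = (event.get("requestContext") or {}).get("authorizer") or {}
    # REST API with a Cognito user pool authorizer (the path from the answer).
    claims = authorizer.get("claims")
    if claims is None:
        # HTTP API with a JWT authorizer nests the claims one level deeper.
        claims = (authorizer.get("jwt") or {}).get("claims")
    # Require a subject; anything else is treated as unauthenticated.
    if isinstance(claims, dict) and claims.get("sub"):
        return claims
    return None


def _response(status, body):
    """Build the response shape that Lambda proxy integration expects."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def handler(event, context):
    claims = get_claims(event)
    if claims is None:
        # No authorizer attached to the method, or a direct invocation:
        # never fall back to identity fields supplied in the body or headers.
        return _response(401, {"message": "Unauthorized"})
    return _response(200, {
        "userId": claims["sub"],
        "username": claims.get("cognito:username"),
        "email": claims.get("email"),
    })


# Constructed sample event, trimmed to the fields used above.
SAMPLE_EVENT = {
    "requestContext": {"authorizer": {"claims": {
        "sub": "00000000-0000-0000-0000-000000000001",
        "cognito:username": "example-user",
        "email": "user@example.com",
    }}},
    "body": None,
}
```

The client sends the token in the header configured as the authorizer's token source; the function itself never parses the token, because API Gateway has already validated it before the claims appear in the event.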

vaquar khan

Reputation: 11479

Amazon Cognito User Pool makes it easy for developers to add sign-up and sign-in functionality to web and mobile applications. It serves as your own identity provider to maintain a user directory. It supports user registration and sign-in, as well as provisioning identity tokens for signed-in users, as per the doc.

Now you have two options to configure a Cognito pool with API Gateway:

1) Use Cognito authorizer: if you need to authenticate and authorize using OAuth.

2) Lambda custom authorizer: if you need custom IAM roles and Federated Identities or your own logic.

Long story short, here is where you can find further detail:

Suggestions or hints

Use aws-sdk within the function and somehow get the username/userid?

You can use a Lambda authorizer and use the SDK to get info if you need custom logic based on the user.

Use the API Gateway to pass on the user before the function is invoked?

Your question is not clear, but as per my assumption, the Cognito authorizer on API Gateway automatically takes care of user ID validation.

Upvotes: 3

Neil

Reputation: 637

So Cognito authenticated the user. Great work!

Unfortunately there is no straight answer. Next, you need to answer how you plan to handle authorizing that user. You have a few options. One option that comes to mind is below.

  1. Cognito provides identity pools in addition to user pools. You can use the identity pools to give the user access to do things. AWS Cognito - Identity Pools documentation

  2. The API Gateway can check identity pool credentials. AWS API Gateway - Controlling access to gateway.

Upvotes: 1
