CODEWITHSUNDEEP
amazon-web-servicesaws-api-gatewayamazon-cognitolambda-authorizer
user2324723
user2324723

Reputation: 113

Cognito user pool does not show up API Gateway after setting authorizer

I have created a Cognito user pool authorizer for an API Gateway service that invokes a lambda function. The Authorizer is getting completely ignored and I am able to invoke the service without any token. I have deployed the service multiple times. I have created multiple gateway APIs and still see the same issue.

On comparing with an older API where I have the Authorizer working the only difference I could see is that that when I check the Resource tab in the API. The old service method (POST) shows Authorization: COGNITO_USER_POOL and all the new APIs show Authorization: None. Is something broken with the API Gateway or am I missing a step.

Upvotes: 1

Views: 2824

Answers (2)

mountainbot
mountainbot

Reputation: 79

@Arka MUkherjee, I believe that your answer is not exactly what the question asked.

The question asked why -- if we follow the steps you've outlined above -- we do not see the Cognito Authorizer that we have just created in the pull-down list that we select from in your step 6.

One reason, I've just found out, is that you have to wait a good number of minutes between the time you create the Cognito Authorizer and the time that it will show up in the pull down list. It does show up, but typically it's about 5-15 minutes after you've created the Cognito Authorizer.

Upvotes: 3

Arka Mukherjee
Arka Mukherjee

Reputation: 2300

To fix this, you should do the following steps:

  1. Head to the AWS API Gateway Console.
  2. Select the REST API that is in question.
  3. Click on the "Method Request" tab.
  4. Select the drop-down menu beside the "AUTHORIZATION" tab.
  5. Select your Cognito User Pool Authorizer, which you had defined by a unique name. If you do not remember the name of the Cognito User Pool Authorizer, you can look it up in the API Gateway Authorizers section.
  6. Select the Authorizer, save the change, and re-deploy the API.
  7. Test the REST API out from POSTMAN(or any REST Client), or the browser.
  8. If you do not provide the JWT Token from Cognito, you would get an HTTP 401 Unauthorized Error.

And yes, you are indeed right. You are facing the problem of the Authorizer not functioning because the Authorizer is not linked to the REST API. To link it, you would need to do it manually from the Method Request Tab. Another point to note is that Authorizers can be re-used between multiple REST APIs in API Gateway.

Upvotes: 4

Related Questions