Reputation: 4280
How to authenticate Guest/Unauthenticated users with API Gateway Cognito Authorizer?
In API gateway you can setup a Cognito Authorizer that references a Cognito User Pool for authentication. For verification, API Gateway expects the Cognito User Pool JWT token to be set in the Authorization header.
Using 'aws-sdk' and 'amazon-cognito-identity-js' NPM packages, how can I create guest/unauthenticated users and retrieve the JWT token to pass to API Gateway? By Guest/unauthenticated, I mean not even having a username or email. Or, is this not possible with the current APIs?
Amplify (built on top of Cognito) appears to have something similar: https://docs.amplify.aws/sdk/auth/guest-access/q/platform/android
Thoughts?
Upvotes: 0
Views: 1469
Answers (1)
Reputation: 4480
Cognito User Pool is an authentication provider. This is separate from unauthenticated access that is provided by Identity pool. You cannot use the default cognito authorizer in API Gateway for validating the token. However, you can use a custom lambda authorizer that will take token and confirm it is valid for your identity pool.
Upvotes: 1
Related Questions
- AWS API Gateway: Authorize Cognito user groups
- Authenticate users in AWS Api Gateway with Cognito
- AWS API Gateway Authorizer using Cognito Identity Pool
- AWS Api Gateway Authorizer + Cognito User Pool Not Working {"message": "Unauthorized"}
- AWS Cognito and AWS Api Gateway authorizations of users application
- How can I authenticate my api gateway with cognito?
- AWS Cognito + API Gateway, Authorize based on username
- AWS API Gateway: API available for authenticated and guest users only
- How to authenticate user in AWS Custom authorizer?
- How do I use AWS cognito response to authenticate API requests