I am currently using the Hosted Cognito UI with a user pool. Using the domain configured in the pool settings, I can send users to the login screen:
https://<domain>.auth.eu-west-1.amazoncognito.com/login?response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>
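After successfully entering the username/password, Cognito now redirects to the URL specified in the pool settings and in the URL above. This points to a /GET in API Gateway, where authorization through AWS Cognito is enabled. However, I always get access denied: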
{"message":"Unauthorized"}
Note that if I:
curl --header "Authorization: <the authorization token>" https://<the redirect url>
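then I am authorized and get the desired result from API Gateway.
My assumption is that something goes wrong when the authorization token is passed from Cognito to API Gateway. My setup is as follows: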
API Gateway Settings
/GET Method Request
Authorization: my-cognito-user-pool
OAuth Scope: None
Request Validator: Validate query string parameters and headers
API Key Required: false
*HTTP Request Headers*
Name: Authorization, Required:N, Caching:N
/GET Integration Request
Integration Type: Lambda Function
Use Lambda Proxy Integration: N
Lambda Region: eu-west-1
Lambda Function: my-lambda-function
Invoke with caller credentials: N (it does not allow me to check this box)
Use Default Timeout: Y
*HTTP Headers*
Name: Authorization, Mapped From: method.request.header.Authorization, Caching: N
Cognito Settings
Thanks!!
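With response_type=code, the hosted UI sends the browser to the redirect_uri with a ?code=... query parameter and no Authorization header, so the code has to be exchanged at the user pool's /oauth2/token endpoint before the API is called. The sketch below is an added example, not part of the original post; the domain, client id, redirect URI and sample code value are constructed placeholders, and it assumes an app client without a client secret.

```python
import urllib.parse
import urllib.request

# Constructed placeholder values (assumptions, not taken from the post).
DOMAIN = "example-domain.auth.eu-west-1.amazoncognito.com"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://api.example.com/prod/"


def code_from_redirect(redirect_url):
    """Extract the authorization code the hosted UI appends to redirect_uri."""
    query = urllib.parse.urlparse(redirect_url).query
    codes = urllib.parse.parse_qs(query).get("code", [])
    if len(codes) != 1:
        raise ValueError("redirect does not carry exactly one 'code' parameter")
    return codes[0]


def token_request(code):
    """Build the POST to /oauth2/token that trades the code for tokens."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent to /login
    }).encode()
    return urllib.request.Request(
        f"https://{DOMAIN}/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def api_request(token_response):
    """Build the API Gateway call with the token in the Authorization header."""
    # With no OAuth scope on the method, the authorizer validates the ID token.
    return urllib.request.Request(
        REDIRECT_URI, headers={"Authorization": token_response["id_token"]})


if __name__ == "__main__":
    req = token_request(code_from_redirect(REDIRECT_URI + "?code=abc-123"))
    print(req.get_method(), req.full_url, req.data.decode())
```

The requests are only built here, not sent; passing them to urllib.request.urlopen performs the exchange and the API call.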