AWS Api Gateway Authorizer + Cognito User Pool Not Working {“message”: “Unauthorized”}

て烟熏妆下的殇ゞ submitted on 2019-12-30 01:03:43

Question


I am trying to use an AWS API Gateway authorizer with a Cognito user pool. It is working fine when I test using the AWS API Gateway console.

But when I try enabling the authorization in the API, it says "message": "Unauthorized". Please check the screenshots below.

API Gateway Console Screenshot - This works fine

Postman Screenshot - Not working

Can someone help, please?

FYI, I have followed the instructions as mentioned here: http://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html


Answer 1:


In my case, the authorization code should be the id_token. I made the mistake of using the access_token instead.
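
A quick way to see which of the two tokens a client is actually sending, following the id_token / access_token mix-up described in this answer. This is an added example, not part of the original answer; the function names and sample tokens are constructed for illustration. It reads the token_use claim that Cognito places in its JWTs and does not verify the signature, so it is a debugging aid only.

```python
import base64
import json
import time


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def classify_cognito_token(token, now=None):
    """Report which kind of Cognito JWT this is.

    Diagnostic only: the signature is NOT verified, so never use this
    result to make an authorization decision.
    """
    token = token.strip()
    if token.lower().startswith("bearer "):  # tolerate a pasted header value
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = b64url_json(parts[1])
    now = time.time() if now is None else now
    return {
        "token_use": claims.get("token_use"),  # "id" or "access" in Cognito tokens
        "is_id_token": claims.get("token_use") == "id",
        "expired": claims.get("exp", 0) <= now,
        # ID tokens name the app client in "aud", access tokens in "client_id"
        "app_client": claims.get("aud") or claims.get("client_id"),
    }


def make_sample(claims):
    """Build a constructed, unsigned sample token (placeholder signature)."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "kid": "example-kid"}) + "." + enc(claims) + ".c2ln"


# Constructed samples: same app client and expiry, different token_use.
SAMPLE_ID = make_sample({"token_use": "id", "aud": "example-client", "exp": 2000000000})
SAMPLE_ACCESS = make_sample({"token_use": "access", "client_id": "example-client", "exp": 2000000000})

if __name__ == "__main__":
    for name, tok in (("id_token", SAMPLE_ID), ("access_token", SAMPLE_ACCESS)):
        print(name, classify_cognito_token(tok, now=1700000000))
```

Paste the value of the Authorization header from the failing request into classify_cognito_token to confirm whether it is the ID token and whether it has already expired.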




Answer 2:


I tried Mathias' solution out and it didn't work at first. Oddly, I came back to it hours later and tried again, and this time made some other changes to my API gateway before deploying the API. This time it worked, even though the other changes that I made were superficial.

Also, as is so often the case, the AWS docs are wrong, stating that you should use method.response.header.Authorization. This is really only valid for Lambdas using custom auth. You should indeed use just Authorization here when you are using the new Cognito User Pool Authorizer.

  1. Use Authorization not method.response.header.Authorization
  2. Make a superficial change to your resource in API Gateway
  3. Deploy your API and wait a second

-- edit --

I was just converting my stack to CloudFormation and found out that if you are using CloudFormation to deploy the Authorizer, you do in fact need to specify the full method.response.header.Authorization for the token source. In fact, a stack deploy will fail if you don't use that format. However, once deployed, if you look at the Authorizer in the console, it will have dropped the method.response.header part.




Answer 3:


The steps below fixed the problem for me. In short, there seems to be a bug in AWS API Gateway. You can fix it by redeploying the API:

  1. Change the Request Validator from NONE to Validate Body
  2. Actions -> Deploy the API -> choose the stage you want to deploy it to.
  3. Change the Request Validator from Validate Body to NONE
  4. Redo step 2.




Answer 4:


I had the same issue as you and realized that I had entered the wrong Token Source.

Under <your API> -> Authorizers -> Token Source, enter the name of the HTTP header where the API gateway has to look for the token (in your case, Authorization).

Save it and don't forget to deploy before you test it out.




Answer 5:


I had the same issues; the solution was just to redeploy the project.



Source: https://stackoverflow.com/questions/46345005/aws-api-gateway-authorizer-cognito-user-pool-not-working-message-unauthor
