AWS Api Gateway Authorizer + Cognito User Pool Not Working {“message”: “Unauthorized”}

Question

I am trying to use aws api gateway authorizer with cognito user pool. It is working fine when i test using aws api gateway console.

But when i try enabling the auth

Answer 1

I tried Mathias' solution out and it didn't work at first. Oddly, I can back to it hours later and tried again, and this time made some other changes to my API gateway before deploying the API. This time it worked, even though the other changes that I made were superficial.

Also, as is so often the case, the AWS docs are wrong, stating that you should use method.response.header.Authorization. This is really only valid for Lambdas using custom auth. You should indeed use just Authorization here when you are using the new Cognito User Pool Authorizer.

1. Use Authorization not method.response.header.Authorization
2. Make a superficial change to your resource in API Gateway
3. Deploy your API and wait a second

-- edit --

I was just converting my stack to Cloudformation and found out that if you are using Cloudformation to deploy the Authorizer, you do in fact need to specify the full method.response.header.Authorization for the token source. In fact, a stack deploy will fail if you don't use that format. However, once deployed, if you look at the Authorizer in the console, it will have dropped the method.response.header part.