How do I create and troubleshoot Amazon Cognito and API Gateway integrations?

3 minutos de lectura
0

I want to create and troubleshoot Amazon Cognito and Amazon API Gateway integrations.

Resolution

To create and troubleshoot authorizers with API Gateway REST APIs or API Gateway HTTP APIs, complete the following steps:

Authorizers with API Gateway REST APIs

Create Amazon Cognito authorizers

To create an authorizer for a REST API, see How do I set up an Amazon Cognito user pool as an authorizer on an API Gateway REST API?

Troubleshoot Amazon Cognito authorizers

Authorizers in Amazon Cognito use either identity tokens or access tokens for authorization. If you receive 4xx errors, then the OAuth Scopes option is misconfigured in the API Gateway console.

To use an identity token for authorization, leave the OAuth Scopes option blank. To use an access token for authorization, configure OAuth Scopes. For more information, see Integrate a REST API with an Amazon Cognito user pool.

To troubleshoot 401 Unauthorized errors, see How do I troubleshoot "401 Unauthorized" errors from an API Gateway REST API endpoint after I've set up an Amazon Cognito user pool?

To troubleshoot HTTP 500 internal errors, check the configuration of your user pool's pre-token generation AWS Lambda trigger. If the Lambda trigger fails to run, then the user pool endpoint can't return identity tokens and an HTTP 500 error occurs. For more information, see Customizing user pool workflows with Lambda triggers.

Create Lambda authorizers

To create an API Gateway Lambda authorizer for a REST API, see Steps to create an API Gateway Lambda authorizer.

Troubleshoot Lambda authorizers

To troubleshoot 401 Unauthorized errors, see Why am I getting API Gateway 401 Unauthorized errors after creating a Lambda authorizer?

Authorizers with API Gateway HTTP APIs

Create JWT authorizers

To create a JSON Web Token (JWT) authorizer, configure an identity provider that issues JWTs. After you attach a JWT authorizer to a route, clients must include a JWT from the identity provider in API requests. API Gateway validates the JWT's claims, and then allows or denies requests based on the validation. For more information, see Controlling access to HTTP APIs with JWT authorizers.

Troubleshoot JWT authorizers

To troubleshoot JWT authorizer errors, see Troubleshooting issues with HTTP API JWT authorizers and How to secure API Gateway HTTP endpoints with JWT authorizer. To validate JWTs, see Verifying a JSON Web Token.

Create Lambda authorizers

To create an API Gateway Lambda authorizer for an HTTP API, see Create a Lambda authorizer.

Troubleshoot Lambda authorizers

To resolve 500 Internal Server errors and other related errors, see Troubleshooting Lambda authorizers.