Cognito

2. Create a Cognito User Pools Authorizer

Background

Amazon API Gateway can use the JWT tokens returned by Cognito User Pools to authenticate API calls. In this step you’ll configure an authorizer for your API to use the user pool you created in User Management.

High-Level Instructions

In the Amazon API Gateway console, create a new Cognito user pool authorizer for your API. Configure it with the details of the user pool that you created in the previous module. You can test the configuration in the console by copying and pasting the auth token presented to you after you log in via the /signin route of your current website.

✅ Step-by-step directions

  1. Under your newly created API, choose Authorizers.
  2. Choose Create New Authorizer.
  3. Enter WildRydes for the Authorizer name.
  4. Select Cognito for the type.
  5. In the Region drop-down under Cognito User Pool, select the Region where you created your Cognito user pool in the User Management module (by default the current region should be selected).
  6. Enter WildRydes (or the name you gave your user pool) in the Cognito User Pool input.
  7. Enter Authorization for the Token Source.
  8. Choose Create.

Verify your authorizer configuration

✅ Step-by-step directions

  1. Open a new browser tab and visit /ride under your website’s domain.
  2. If you are redirected to the sign-in page, sign in with the user you created in the last module. You will be redirected back to /ride.
  3. Copy the auth token from the notification on the /ride page.
  4. Go back to the previous tab, where you have just finished creating the Authorizer.
  5. Click Test at the bottom of the card for the authorizer.
  6. Paste the auth token into the Authorization Token field in the popup dialog.

  7. Click the Test button and verify that the response code is 200 and that you see the claims for your user displayed.
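
If the test does not return 200, a local pre-check of the copied token helps narrow down why. The following is an added example, not part of the original workshop: it only decodes the claims and does not verify the signature (API Gateway does that), and the region, pool ID, token and the `precheck` helper name are constructed for illustration.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    # Split header.payload.signature and parse the payload (inspection only).
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected three dot-separated segments")
    return json.loads(b64url_decode(parts[1]))


def precheck(token, region, user_pool_id, now=None):
    """Return reasons the authorizer test is likely to fail (empty list = looks fine)."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    # Cognito user pool tokens carry the pool's URL as the issuer.
    expected_iss = f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"
    if claims.get("iss") != expected_iss:
        problems.append(f"iss is {claims.get('iss')!r}, expected {expected_iss!r}")
    if claims.get("token_use") not in ("id", "access"):
        problems.append(f"unexpected token_use {claims.get('token_use')!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token has expired; sign in again to get a fresh one")
    return problems


def make_sample_token(claims):
    # Constructed, unsigned sample so the example runs offline.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': 'sample'})}.{enc(claims)}.c2ln"


SAMPLE_POOL = "us-east-1_EXAMPLE"  # constructed pool ID, not a real one
SAMPLE = make_sample_token({
    "iss": f"https://cognito-idp.us-east-1.amazonaws.com/{SAMPLE_POOL}",
    "token_use": "id", "exp": 2_000_000_000, "email": "rider@example.com",
})

if __name__ == "__main__":
    print(precheck(SAMPLE, "us-east-1", SAMPLE_POOL, now=1_700_000_000))
```

To use it on a real token, pass the string copied from /ride along with your own Region and user pool ID in place of the sample values.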