AWS API Gateway Cognito Authorizer lets traffic through without Authorization headerAWS API Gateway + Cognito User Pool Authorizer + Lambda - Which HTTP-headers and permissions do I need to set?How to use AWS API Gateway Android SDK with Cognito Userpool Authorizer?AWS Api Gateway Authorizer + Cognito User Pool Not Working “message”: “Unauthorized”How to log all Cognito User details in API Gateway Cloudwatchaws cognito, api gateway and cognito with postmanUsing AWS Cognito for API Gateway AuthorizationAWS API Gateway Custom Authorizer not invokedDo I need a custom authorizer in API Gateway when using AWS Cognito JWT tokens for authentication?AWS API Gateway with cognito authorizationSAM Template : Cognito User Pool integrate in APIgateway - Authorizer doesn't work
Are Captain Marvel's powers affected by Thanos breaking the Tesseract and claiming the stone?
Has the laser at Magurele, Romania reached a tenth of the Sun's power?
Telemetry for feature health
Why can't the Brexit deadlock in the UK parliament be solved with a plurality vote?
Would a primitive species be able to learn English from reading books alone?
Why the "ls" command is showing the permissions of files in a FAT32 partition?
Overlapping circles covering polygon
Make a Bowl of Alphabet Soup
How much do grades matter for a future academia position?
Check if object is null and return null
Should I warn a new PhD Student?
Is there a distance limit for minecart tracks?
Deciphering cause of death?
Identifying "long and narrow" polygons in with PostGIS
Proving an identity involving cross products and coplanar vectors
Isometric embedding of a genus g surface
Sigmoid with a slope but no asymptotes?
Mimic lecturing on blackboard, facing audience
Do you waste sorcery points if you try to apply metamagic to a spell from a scroll but fail to cast it?
Does the Crossbow Expert feat's extra crossbow attack work with the reaction attack from a Hunter ranger's Giant Killer feature?
What does "Scientists rise up against statistical significance" mean? (Comment in Nature)
What is this high flying aircraft over Pennsylvania?
Why the various definitions of the thin space ,?
El Dorado Word Puzzle II: Videogame Edition
AWS API Gateway Cognito Authorizer lets traffic through without Authorization header
AWS API Gateway + Cognito User Pool Authorizer + Lambda - Which HTTP-headers and permissions do I need to set?How to use AWS API Gateway Android SDK with Cognito Userpool Authorizer?AWS Api Gateway Authorizer + Cognito User Pool Not Working “message”: “Unauthorized”How to log all Cognito User details in API Gateway Cloudwatchaws cognito, api gateway and cognito with postmanUsing AWS Cognito for API Gateway AuthorizationAWS API Gateway Custom Authorizer not invokedDo I need a custom authorizer in API Gateway when using AWS Cognito JWT tokens for authentication?AWS API Gateway with cognito authorizationSAM Template : Cognito User Pool integrate in APIgateway - Authorizer doesn't work
I've set up an API in AWS API Gateway and integrated it with a Cognito user pool as outlined here: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
The authorizer itself works fine in the Authorizers Test window (it gives 401 for anything but a valid token), and I have set the authorizer as the Authorization in the API Gateway methods settings. But even so I can still call the API just fine without providing any tokens, or any headers at all for that matter. Right now there seems to be no difference between having the authorizer configured or not. Any idea what's going on?
amazon-web-services api aws-lambda amazon-cognito gateway
add a comment |
I've set up an API in AWS API Gateway and integrated it with a Cognito user pool as outlined here: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
The authorizer itself works fine in the Authorizers Test window (it gives 401 for anything but a valid token), and I have set the authorizer as the Authorization in the API Gateway methods settings. But even so I can still call the API just fine without providing any tokens, or any headers at all for that matter. Right now there seems to be no difference between having the authorizer configured or not. Any idea what's going on?
amazon-web-services api aws-lambda amazon-cognito gateway
add a comment |
I've set up an API in AWS API Gateway and integrated it with a Cognito user pool as outlined here: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
The authorizer itself works fine in the Authorizers Test window (it gives 401 for anything but a valid token), and I have set the authorizer as the Authorization in the API Gateway methods settings. But even so I can still call the API just fine without providing any tokens, or any headers at all for that matter. Right now there seems to be no difference between having the authorizer configured or not. Any idea what's going on?
amazon-web-services api aws-lambda amazon-cognito gateway
I've set up an API in AWS API Gateway and integrated it with a Cognito user pool as outlined here: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
The authorizer itself works fine in the Authorizers Test window (it gives 401 for anything but a valid token), and I have set the authorizer as the Authorization in the API Gateway methods settings. But even so I can still call the API just fine without providing any tokens, or any headers at all for that matter. Right now there seems to be no difference between having the authorizer configured or not. Any idea what's going on?
amazon-web-services api aws-lambda amazon-cognito gateway
amazon-web-services api aws-lambda amazon-cognito gateway
edited Mar 8 at 1:43
John Rotenstein
76.1k785137
76.1k785137
asked Mar 7 at 21:56
fafnerfafner
489
489
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55053426%2faws-api-gateway-cognito-authorizer-lets-traffic-through-without-authorization-he%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55053426%2faws-api-gateway-cognito-authorizer-lets-traffic-through-without-authorization-he%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown