Currently, I am dealing with a Cognito user pool that has an application integration for JavaScript lacking a secret key. Interestingly, I can successfully log in using the code snippet below:
```typescript
import {
  AuthenticationDetails,
  CognitoUser,
  CognitoUserPool,
} from "amazon-cognito-identity-js";

// `Pool` must be a CognitoUserPool instance, not a string. The ids below are
// placeholders; the app client is the one configured without a client secret.
const userPool = new CognitoUserPool({
  UserPoolId: "<USER_POOL_ID>",
  ClientId: "<APP_CLIENT_ID>",
});

// Method of a class that keeps a static `credentials` map keyed by UserRole.
// `getUser()` and `UserRole` are the caller's own helpers, not shown here.
private static async signin(role: UserRole): Promise<string> {
  const user = getUser();
  const cognitoUser = new CognitoUser({
    Username: user.username,
    Pool: userPool
  });
  const authDetails = new AuthenticationDetails({
    Username: user.username,
    Password: user.password
  });
  return new Promise<string>((resolve, reject): void => {
    cognitoUser.authenticateUser(authDetails, {
      onSuccess: result => {
        // Store the ID token (not the access token) for this role
        this.credentials[role] = result.getIdToken().getJwtToken();
        resolve(this.credentials[role]);
      },
      onFailure: err => {
        console.log(`Failed login to cognito with ${role}: `, err);
        reject(err);
      }
    });
  });
}
```
However, when I attempt to make a call to my endpoint using the aws-api-gateway-client, even though the token is attached, it consistently results in a 401 unauthorized response.
The confusing part comes in when I try pasting the same token into the ApiGateway Authorizer testing section, where it returns a 200 ok message. This discrepancy indicates that the token is valid but not functioning correctly in the context of the API Gateway.
EDIT: To provide more clarity, here is the flow:
- I have a Cognito user pool
- Successful login to the userpool yields a token
- I then apply "Authorization": "bearer {token}" on the aws-api-gateway-client request headers
- The request consistently fails with a 401 Unauthorized status
- If I use the same token within the test section of the ApiGateway Authorizer, it confirms the validity of the token
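A small diagnostic added here (not part of the original question) that decodes the token the client is about to send and reports the claims an API Gateway Cognito user pool authorizer evaluates: the `token_use` type (the authorizer expects the ID token unless OAuth scopes are configured), the `aud` app client id, expiry, and issuer. It tolerates a `bearer ` prefix like the one in the request above; the sample token and client id are constructed placeholders, and nothing here verifies a signature.

```javascript
// Added diagnostic: decode a Cognito JWT locally and report what an API Gateway
// Cognito authorizer checks. Decoding only; it does NOT verify the signature,
// so it is for troubleshooting, never for making an authorization decision.

function base64UrlDecode(segment) {
  const padded = segment.replace(/-/g, "+").replace(/_/g, "/")
    + "=".repeat((4 - (segment.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function decodeJwt(token) {
  // A JWT is header.payload.signature; strip a "Bearer "/"bearer " prefix if present.
  const raw = token.replace(/^bearer\s+/i, "");
  const parts = raw.split(".");
  if (parts.length !== 3) throw new Error("not a JWT (expected 3 dot-separated parts)");
  return {
    header: JSON.parse(base64UrlDecode(parts[0])),
    payload: JSON.parse(base64UrlDecode(parts[1])),
  };
}

// Report token type, audience match, expiry and issuer for the given token.
function inspectCognitoToken(token, expectedClientId, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { payload } = decodeJwt(token);
  return {
    tokenUse: payload.token_use,                       // "id" or "access"
    isIdToken: payload.token_use === "id",
    audienceMatches: payload.aud === expectedClientId, // access tokens carry client_id, not aud
    expired: typeof payload.exp === "number" && payload.exp <= nowSeconds,
    issuer: payload.iss,
  };
}

// Constructed sample: an unsigned token with Cognito-style claims (placeholder values).
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "RS256", kid: "placeholder-kid" })}.${enc(payload)}.placeholder-signature`;
}

const SAMPLE_CLIENT_ID = "placeholder-app-client-id";
const SAMPLE_ID_TOKEN = makeSampleToken({
  token_use: "id",
  aud: SAMPLE_CLIENT_ID,
  exp: 2000000000,
  iss: "https://cognito-idp.REGION.amazonaws.com/REGION_PLACEHOLDERPOOL",
});

console.log(inspectCognitoToken("bearer " + SAMPLE_ID_TOKEN, SAMPLE_CLIENT_ID));
```

Run it against the real `result.getIdToken().getJwtToken()` value with the app client id from the pool: a `tokenUse` of `access`, a non-matching audience or `expired: true` each explains a 401 on its own.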