Signed Requests with API Gateway Cognito Authorizers

[joshjreed]

First off, I am loving this library so far. I have run into an issue though, and I'm not sure if it's a limitation with the library or something I'm doing incorrectly.

I'd like to make an API.get() call using Amplify to API Gateway and have API Gateway run a Cognito Authorizer on the request. The issue I'm having is, I can't seem to find a way to pass the Cognito Authorizer a valid Authorization Token. The "Authorization" header in the request contains an AWS Signature Version 4 value, which doesn't seem compatible with the Cognito Authorizer.

Am I doing something wrong, or is there a work around for this?

Thanks!

[richardzcode]

Hi @joshjreed , My understanding of Amazon API Gateway custom authorizer is it takes Authorization header and do the job. AWS Amplify API module let you pass headers in your request. However Authorization header is overwritten by V4 Signer.

We've just made a fix to bypass signer if Authorization header is provided. You may get the latest and have a try.

Here is how you can add headers to your API call.

Thanks,
Richard

[joshjreed]

Thanks Richard! One other question I have is, what is the best way to get the authorization token for my header? I've found it by taking the first value listed in Amplify.Auth.currentUserCredentials().params.Logins. This works, but if there's a better option I'd love to hear it. I'm still familiarizing myself with the library, so I'm sure there's lots to uncover.

Thanks again!

[undefobj]

@joshjreed try something like this:

  const options = {
    headers: {
      Authorization: Auth.currentSession().idToken.jwtToken      
    }
  }
  return await API.get(name, '/path', options);

[mlabieniec]

@joshjreed just be sure to make sure you CORS is setup correctly when using this header. If you are using express or something like this with lambda proxy, you would set allowed headers within express options, similar to how the example provided by the awsmobile-cli does. For a SAM example see here: https://github.com/awslabs/aws-serverless-ember/blob/master/cloud/api.yaml#L230

[mghazanfar]

@undefobj I'm using the same in below:
const options = { headers: { Authorization: Auth.currentSession().idToken.jwtToken } }
as you suggested but unable to keep my session alive as after an hour, my API calls were still getting the old idToken and server started giving 401. Please help.

[undefobj]

@mghazanfar can you please open a new issue with your app code for assistance

[mghazanfar]

@undefobj posted. Please answer at #2155

[nitindatta]

If anyone facing issue with this I did following to get it fixed
const token = await (await Auth.currentSession()).getIdToken().getJwtToken();
const options = { headers: { Authorization: token } }
// console.info( await (await Auth.currentSession()).getIdToken().getJwtToken());
return API.get("tickets", "/tickets",options);

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.