
I'm having trouble properly using the integration of user pools with API Gateway from my Android app (as per this documentation: http://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html).

The API Config

An authorizer for my user pool is configured, and the method is configured to use the authorizer. Body mapping template:

#set($inputRoot = $input.path('$'))
{
    "userid" : "$context.authorizer.claims.sub"
}

The Android App

The following is only a collection of copy-and-paste snippets, since it's scattered across different places in the app.

// init
credentialsProvider = new CognitoCachingCredentialsProvider(
        context,
        IDENTITY_POOL_ID,
        IDENTITY_POOL_REGION);
userPool = new CognitoUserPool(
        context,
        USER_POOL_ID,
        CLIENT_ID,
        CLIENT_SECRET,
        new ClientConfiguration(),
        USER_POOL_REGION);

// login
user = aws.userPool.getUser(username);
user.getSessionInBackground(authHandler);
String token = session.getIdToken().getJWTToken();
Map<String, String> logins = new HashMap<>();
logins.put(USER_POOL_ARN, token);
aws.credentialsProvider.setLogins(logins);
aws.credentialsProvider.refresh();

// using the api
ApiClientFactory factory = new ApiClientFactory().credentialsProvider(
            aws.credentialsProvider);
apiClient = factory.build(MyAPIClient.class);
apiClient.mainGet();

The current result

com.amazonaws.mobileconnectors.apigateway.ApiClientException: {"message":"Unauthorized"} (Service: MyAPIClient; Status Code: 401; Error Code: null; Request ID: cefd713c-1234-1234-1234-b9e32fbdedb0)
    at com.amazonaws.mobileconnectors.apigateway.ApiClientHandler.handleResponse(ApiClientHandler.java:294)
    at com.amazonaws.mobileconnectors.apigateway.ApiClientHandler.invoke(ApiClientHandler.java:111)
    at java.lang.reflect.Proxy.invoke(Proxy.java:397)
    at $Proxy2.mainGet(Unknown Source)
    at com.my.mainGet(my.java:206)

So I can imagine that initializing the credentials provider with an identity pool will lead to an identity token, but I really need a token from the user pool. However, that leads me to the question: how do I set up my ApiClient properly to use the user pool token?

Martin Schulze
  • Probably a similar issue to https://stackoverflow.com/questions/46345005/aws-api-gateway-authorizer-cognito-user-pool-not-working-message-unauthor ? – Mathias Sep 26 '17 at 14:38
  • Have you tried logins.put("cognito-idp..amazonaws.com/", token); ? (see docs: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html) – Mathias Sep 26 '17 at 14:46
  • @martin-schulze, did you finally solve it? How did you do it? – Tobias Feb 18 '19 at 10:20
  • @Tobias unfortunately not. I actually gave up on that project. – Martin Schulze Jun 10 '19 at 12:55
  • @MartinSchulze Never give up! – Baran Jul 16 '19 at 07:29

0 Answers
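Added example, not part of the original question or its comments: a Python pre-flight check, run on a workstation against a token logged from the app, that decodes the claims of the JWT returned by `getIdToken().getJWTToken()` and compares them with the user pool and app client the authorizer is configured for. The function names, region, pool ID and client ID are constructed placeholders, and the check does not verify the signature, so it is a debugging aid and not a validation step.

```python
import base64
import json
import time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (test input only)."""
    header = {"alg": "RS256", "kid": "constructed"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()),
                     _b64url(b"not-a-real-signature")])

def decode_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnostic only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def preflight(token, region, user_pool_id, client_id, now=None):
    """Return the reasons this token does not match the given pool and client."""
    now = time.time() if now is None else now
    try:
        c = decode_claims(token)
    except ValueError as err:  # also covers base64 and JSON decoding errors
        return [str(err)]
    problems = []
    issuer = f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"
    if c.get("token_use") != "id":  # the question sends the ID token
        problems.append(f"token_use is {c.get('token_use')!r}, expected 'id'")
    if c.get("iss") != issuer:      # token was issued by a different pool
        problems.append(f"iss is {c.get('iss')!r}, expected {issuer!r}")
    if c.get("aud") != client_id:   # ID tokens carry the app client ID in aud
        problems.append(f"aud is {c.get('aud')!r}, expected {client_id!r}")
    exp = c.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no numeric exp")
    if not c.get("sub"):            # the mapping template reads claims.sub
        problems.append("no sub claim for the mapping template's userid")
    return problems
```

An empty list means the claims line up with the pool and client; a remaining 401 then points at how the token reaches API Gateway, not at the token itself.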