
I have a Lambda that creates the tokens for an existing user in my user pool, but when I validate the access token it returns a 401 error, while the ID token returns a 200.

/**
 * Promise wrapper around the callback-style `cognitoUser.authenticateUser`.
 *
 * @param {object} cognitoUser - Object exposing `authenticateUser(details, callbacks)`.
 * @param {object} cognitoAuthenticationDetails - Credentials object passed through unchanged.
 * @returns {Promise<*>} Resolves with the first argument given to `onSuccess`
 *   (the session); rejects with the argument given to `onFailure`.
 */
function asyncAuthenticateUser(cognitoUser, cognitoAuthenticationDetails) {
    const runAuthentication = (resolve, reject) => {
        // Map the SDK's two callbacks straight onto the promise settlers.
        const handlers = { onSuccess: resolve, onFailure: reject };
        cognitoUser.authenticateUser(cognitoAuthenticationDetails, handlers);
    };
    return new Promise(runAuthentication);
}

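 // Authenticate `name`/`password` against the user pool and hand the resulting
 // JWTs to `callback` (Node style: (err, result)). `name`, `password`,
 // `UserPoolId`, `ClientId`, `cognitoJWT`, `callback` and `AmazonCognitoIdentity`
 // all come from the enclosing scope, which is not shown here.
 const authenticationData = {
     Username: name,
     Password: password,
 };
 const authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
 const poolData = {
     UserPoolId: UserPoolId,
     ClientId: ClientId,
 };
 const userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
 const userData = {
     Username: name,
     Pool: userPool,
 };
 const cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
 try {
     const session = await asyncAuthenticateUser(cognitoUser, authenticationDetails);
     cognitoJWT.session = session;
     // Do not log the token objects themselves: their `jwtToken` field is a
     // bearer credential and would be persisted in CloudWatch. Log only a
     // non-secret marker.
     console.log('Cognito session established for user:', name);
     cognitoJWT.jwtAccess = session.getAccessToken().getJwtToken();
     cognitoJWT.jwtId = session.getIdToken().getJwtToken();
     cognitoJWT.jwtRefresh = session.getRefreshToken().getToken();
     // decodePayload() only base64-decodes the claims; it performs no signature
     // check, so these are for inspection (e.g. `sub`, `exp`), not for trust decisions.
     cognitoJWT.jwtPayloads = {
         jwtAccess: session.getAccessToken().decodePayload(),
         jwtId: session.getIdToken().decodePayload(),
     };
     callback(null, cognitoJWT);
 } catch (err) {
     // Surface the SDK error to the caller unchanged rather than swallowing it.
     callback(err, null);
 }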

My output of the Lambda is:

{
"StatusCode": 200,
 "StatusMessage": {
 "jwtAccess": "<<jwtAccess>>",
 "jwtRefresh":"<<jwtRefresh>>",
 "jwtId":<<jwtId>>
 }
}

But when I try to validate it on the API Gateway, I get this output.

Output API gateway jwtAccess


If I try the jwtId, it shows the user info. Output API gateway jwtId

    API Gateway will only use the idToken to authorize. You can check the response to this question: https://stackoverflow.com/questions/50404761/aws-api-gateway-using-access-token-with-cognito-user-pool-authorizer – ymaghzaz Sep 08 '21 at 22:32



You are using the wrong token to validate. API Gateway actually uses the "idToken" for validation, not the "accessToken". So when you want to test the token, you must use the first one.