To enable authorization the api with Amazon Cognito User Pools:
- Create a user pool. Check out Secure your API Gateway with Amazon Cognito User Pools for a video tutorial.
- In the “Method Request” > “Auth” section of the API Gateway console, select the user pool.
- Access the API with an ID token:
curl --location 'https://<my_api_gateway_domain>/<my_api>' \ --header 'Authorization: Bearer <id_token>' ```
To generate the ID token from Cognito:
- Get an authorization token with the authorize API:
https://<my_cognito_domain>/oauth2/authorize?response_type=code&client_id=<client_id>&redirect_uri=<redirect_url>&state=STATE&scope=openid%20email - Use the authorization token to exchange it for an ID token from the token API:
curl --location 'https://<my_cognito_domain>/oauth2/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=authorization_code' \ --data-urlencode 'client_id=<client_id>' \ --data-urlencode 'client_secret=<client_secret>' \ --data-urlencode 'code=<auth_token>' \ --data-urlencode 'redirect_uri=<redirect_uri>' ```
For more details about the authorize and token endpoints, check out the following links:
A more straightforward way to obtain the tokens is by using Postman, which supports OAuth 2.0 authentication. Check out OAuth2 0 Authorization with Postman for a video tutorial.