There is documentation stating that Jets supports Cognito User Pools, but there aren't examples on how to use it.
How would I use Jets for an existing Cognito User Pool?
Currently don’t have detailed docs for this yet. It was a contributor PR that added support at the API Gateway routing layer: https://github.com/tongueroo/jets/pull/74/files So believe he’s using it.
When you set the config.api.authorization_type, it sets https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationtype
Will need to play with it more to figure it out actually. If you figure it out, am interested.
I’ll give it a shot and if I get it working, I’ll let you know
I’m using Cognito to restrict access to the resources created by Jets. As @tung mentions, from a Jets configuration it is as simple as setting config.api.authorization_type = 'AWS_IAM'.
For this all to work you will need the following:
Cognito user pool
Cognito Identity Pool
So now once you have a user authenticate through your user pool, they will be assigned the Authenticated Role created above. If you are using AWS Amplify API it will automatically put the appropriate AWS Sig4 header values needed to make it past the API gateway.
Should be as simple as that at least for my use case of locking down the API to authenticated users. I’m not doing any more than that right now.
I found this helpful, thanks! I also found a little bit simpler way to leverage Cognito to limit access to API resources to logged-in users and also know the identity of the user within the controller, so thought I’d share.
You can use a Cognito Authorizer without the extra complexity of creating an Identity Pool with roles and policies. Set up the Cognito Authorizer as described in the docs and connect it to a route or controller.
Then, in your API requests, set the Authorization header to the Cognito idToken.jwtToken. Only requests with a valid token will succeed. Now in the Jets controller you can access the user’s identity with event['requestContext']['authorizer']['claims'].
In my case, I’m using AWS Amplify in a mobile app as the client to my Jets server API. I also had to enable CORS to get this to work:
Jets.application.configure do
  # ...
  config.cors = true
  config.api.cors_authorization_type = "NONE"
end
Then in my Amplify mobile app, define the API like this to populate the header:
Amplify.configure({
  API: {
    endpoints: [
      {
        name: "Devices",
        endpoint: "https://xxxxxxxxx.execute-api.us-east-1.amazonaws.com/dev",
        custom_header: async () => {
          return { Authorization: `${(await Auth.currentSession()).getIdToken().getJwtToken()}` }
        }
      }
    ]
  }
})
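Reading the identity in the controller, as the last reply describes, shown as an added example that is not part of the thread or of Jets itself: it fails closed when event['requestContext']['authorizer']['claims'] is absent, which is what a handler sees on any route deployed with authorization "NONE". The function names, the MissingIdentity error, the optional expected_client_id check and the sample events are assumptions made for illustration.

```ruby
# Added example, not code from the thread or from Jets. Plain Ruby; in a Jets
# controller the same hash is available as `event`.
class MissingIdentity < StandardError; end

# Returns the claims hash API Gateway attaches once a Cognito authorizer has
# accepted the token, or nil when the request did not pass through one.
def authorizer_claims(event)
  claims = event.dig('requestContext', 'authorizer', 'claims')
  claims.is_a?(Hash) ? claims : nil
rescue TypeError, NoMethodError
  nil # malformed event shape: treat as unauthenticated
end

# Fail closed: raise unless the request carries an ID-token identity.
# expected_client_id is a hypothetical extra check on the `aud` claim.
def require_identity!(event, expected_client_id: nil)
  claims = authorizer_claims(event)
  raise MissingIdentity, 'no authorizer claims on request' if claims.nil?
  raise MissingIdentity, 'missing sub claim' if claims['sub'].to_s.empty?
  raise MissingIdentity, 'not an ID token' unless claims['token_use'] == 'id'
  if expected_client_id && claims['aud'] != expected_client_id
    raise MissingIdentity, 'token issued to a different app client'
  end
  { user_id: claims['sub'], email: claims['email'] }
end

# Constructed sample events (all values are made up).
AUTHED_EVENT = {
  'httpMethod' => 'GET',
  'requestContext' => {
    'authorizer' => {
      'claims' => {
        'sub' => '11111111-2222-3333-4444-555555555555',
        'email' => 'user@example.com',
        'token_use' => 'id',
        'aud' => 'example-client-id'
      }
    }
  }
}.freeze

# What a handler sees when no authorizer ran, e.g. a CORS preflight.
ANON_EVENT = { 'httpMethod' => 'OPTIONS', 'requestContext' => {} }.freeze
```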