requestContext & Cognito Authorization


#1

I am building an application that requires me to know which user sent the API request. The requesting user determines which data that is sent back in the response.

I am using Cognito to authenticate users, as well as for API authorization. When a user sends a request to API Gateway using Cognito Authorization, the user’s Cognito Sub ID is included within event.requestContext. So, if I want the Cognito ID of the user I look at event.requestContext.authorizer.claims.sub.

Is there is a way to mimic this within the requestContext so that I can test locally, without having to deploy to AWS?

Thanks - love the framework so far.


#2

RE: Thanks - love the framework so far.

Thanks for the kind words.

RE: Is there is a way to mimic this within the requestContext so that I can test locally, without having to deploy to AWS?

Believe there is no way to do this yet. This is interesting and something that would like Jets to account for though. Would consider PRs for this.

The local API mimic happens here:

Wondering if Jets should abuse the body or query string and pass it in there to mimic a dynamic requestContext. Unsure on the approach right now :thinking:

RE: I am using Cognito to authenticate users, as well as for API authorization

Glad to hear folks are using Cognito. Would like to dig into Cognito more and come up with a gem/plugin. Hoping to make it turnkey.

Unsure when though. Hopefully, someone from the community comes up with something also. No sweat either way.