Partial answer: {tokenProvidedByCognito} is a surprisingly vague placeholder for AWS documentation. It does not specify whether it should be an access token, as I assumed, or an identity token, which turned out to be correct.
Also, despite the initiateAuth response having a getIdToken method, the result given by this method is not directly usable as {tokenProvidedByCognito}. What one must do to get a usable value is getIdToken().getJwtToken().
However, making a GET using the same authorization header from one's page that provides the JWT will result in a CORS Blocked error. It seems that https://github.com/aws-samples/serverless-patterns/blob/main/cognito-restapi/template.yaml must be edited in some way to enable CORS for the (sub)domains that one wants to permit. This seems like a poor security choice for a recommended template, and instead the absence of any domain (as would be the case for curl) should result in a Blocked error. The template installation should prompt for the (sub)domains to be allowed.
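The token mix-up described in the comment above can be checked before sending the request. The following is an added example, not part of the issue thread or the AWS sample: it reads the `token_use` claim that Cognito sets to `id` or `access` in the JWT payload. The function names and the sample tokens are constructed for illustration, and the payload is decoded without signature verification, so this is a diagnostic only.

```javascript
// Added diagnostic example (not code from the issue or the AWS sample).
// Decodes the JWT payload WITHOUT verifying the signature: use it to inspect
// a token you already hold, never to make an authorization decision.

function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Reports whether a value is a Cognito ID token or access token.
function describeCognitoToken(jwt, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof jwt !== "string") {
    // e.g. the object returned by getIdToken() instead of getIdToken().getJwtToken()
    return { ok: false, reason: "not a string; call getJwtToken() on the token object" };
  }
  const parts = jwt.trim().split(".");
  if (parts.length !== 3) {
    return { ok: false, reason: "not a JWT (expected 3 dot-separated segments)" };
  }
  let claims;
  try {
    claims = JSON.parse(b64urlDecode(parts[1]));
  } catch (e) {
    return { ok: false, reason: "payload is not base64url-encoded JSON" };
  }
  const kind = claims.token_use; // Cognito sets "id" or "access"
  if (kind !== "id" && kind !== "access") {
    return { ok: false, reason: "no Cognito token_use claim" };
  }
  const expired = typeof claims.exp === "number" && claims.exp <= nowSeconds;
  return { ok: true, kind, expired, matchesIdToken: kind === "id" && !expired };
}

// Builds an unsigned, constructed sample token for trying the function offline.
function makeSampleToken(claims) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "constructed-signature"].join(".");
}
```

In the browser callback, passing the string from `getAccessToken().getJwtToken()` reports `kind: "access"`, while `getIdToken().getJwtToken()` reports `kind: "id"`.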
I'm trying to follow the Testing step of https://github.com/aws-samples/serverless-patterns/tree/main/cognito-restapi
It's not clear what kind of value to use for {tokenProvidedByCognito}.
What I want to do is invoke this api from my browser page inside the onSuccess callback of initiateAuth. So I loaded that page while breakpointing in that callback, and when it reached the point of calling getAccessToken().getJwtToken(); on the response to initiateAuth, I copied the JWT token and then pasted it into my local terminal:
But that returns a 401:
The sam-app-AppFunction-[omitted] Lambda has no CloudWatch log content yet to look at, and I can't find any logs in the associated API Gateway entry.
Btw, earlier I updated template.yaml with Runtime: nodejs20.x because Lambdas no longer support the node14.x setting in all the sam templates I've looked at.