AWS API Gateway / Cognito Userpools / Lambdas Cannot Transfer Credentials

I am working on implementing an AWS API Gateway with a Lambda backend. I use the (fairly new) integration of API Gateway with Cognito User Pools instead of creating a custom authorizer using Lambda (which was the recommended approach before this integration existed).

I created a proof of concept (JavaScript) that authenticates the user with Cognito and then makes an API Gateway call with these credentials. So basically, the final call to API Gateway carries the JWT token that I received from Cognito (result.idToken.jwtToken) in the Authorization header. This all works, and I can verify that the API can only be accessed with this token.

Everything works fine, but now I want to access the Cognito identity in my Lambda; for example, a user identifier, or a name or email address. I read about how to map all the parameters, but in fact I just use the standard passthrough request template in the integration request. I log all parameters in the Lambda, and all Cognito parameters are empty.

I looked at a lot of similar questions, and they all suggest enabling the "Invoke with caller credentials" checkbox in the integration request. That makes sense.

However, this checkbox can only be enabled if you are using AWS_IAM as the authorization, not if you have selected your Cognito User Pool. So it is simply impossible to select it; it is actually disabled.

Does anyone know what to do in this case? Does it still work, or is there a reason why you can't turn it on and get the Cognito credentials in your Lambda?

Thank you very much.

1 answer

If you need to log user information in your backend, you can use $context.authorizer.claims.sub and $context.authorizer.claims.email to get the user ID and email address of your Cognito User Pool user.

Here is the documentation on using an Amazon Cognito User Pool with API Gateway.

