Hi. I'm following the guide to build front-end app for my Serverless API and I think I'm missing something out... At that point where I'm supposed to shot my first request using Amplify API class, I'm told to do it in that kind of manner

<http://API.post|API.post>("notes", "/notes", {
    body: note
  });

However, API Gateway response for it is 401. I assumed Amplify takes care of appending authorization headers, JWT and whatever since it handles Cognito user pool authorization. Yet in the Amplify docs , it says one needs to explicitly add Bearer token to the request to perform JWT authorization. Did I miss something following your guide?

Whats the issue you are having with it?

Sorry, pressed the enter too soon, lol

If you followed the guide it should be okay. Here's the sample repo, you can compare your setup to that.

Hmm, looking at it again I remembered I omitted

identityPoolId

. Isn't

userPoolId

sufficient if I'm not using identity pools?

Amplify.configure({
  Auth: {
    mandatorySignIn: true,
    region: config.cognito.REGION,
    userPoolId: config.cognito.USER_POOL_ID,
    userPoolWebClientId: config.cognito.APP_CLIENT_ID
  },
  API: {
    endpoints: [
      {
        name: 'api',
        endpoint: config.apiGateway.URL,
        region: config.apiGateway.REGION
      },
    ]
  }
});
const config = {
  apiGateway: {
    REGION: 'us-east-1',
    URL: '<https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com>',
  },
  cognito: {
    REGION: 'us-east-1',
    USER_POOL_ID: 'us-east-1_yyyyyyyyy',
    APP_CLIENT_ID: 'foo',
  }
};

Hmm if you are not following the guide then I'm not totally sure what the setting should be.

Yeah I just wanted to learn how to use Amplify without all that auto-generated stuff I'm getting looking at their 'Getting started' and that specific part of your guide was a great help in it. I'm looking through the earlier parts and now I see I missed this: https://serverless-stack.com/chapters/create-a-cognito-identity-pool.html

user pools and identity pools go hand in hand you need both poorly named I think with the infinite wisdom of hindsight

Yeah this might help https://serverless-stack.com/chapters/cognito-user-pool-vs-identity-pool.html

Thanks. Now I understand the difference between User Pool and Identity Pool. A new thing I don't understand is why do I need to use Identity Pool, when App Client of User Pool provides me with all the features I need. I was able to register new users, authorize them, hand out JWT tokens and secure my API with authorizer built on it:

httpApi:
    authorizers:
      serviceAuthorizer:
        identitySource: $request.header.Authorization
        issuerUrl: 
          Fn::Join:
          - ''
          - - '<https://cognito-idp>.'
            - '${opt:region, self:provider.region}'
            - '.<http://amazonaws.com/|amazonaws.com/>'
            - Ref: serviceUserPool
        audience:
          - Ref: serviceUserPoolClient
    cors: true

(

serviceUserPool

is

AWS::Cognito::UserPool

and

serviceUserPoolClient

is

AWS::Cognito::UserPoolClient

). In the User Pool settings there's an option to enable additional federated identity providers, like Facebook, Google or SAML. Considering all of that, I'm almost certain I could get around without Identity Pools if it wasn't for Amplify API. Is it some dirty workaround what I'm doing here?

The key different between the two isn't federation but the ability to manage access control to the various AWS resources. If you don't need that you should be able to just use a User Pool. That said Amplify defaults to using an Identity Pool because they allow you to add other resources (like S3) to your stack. This is similar to what we do in the guide. I haven't looked into it but you'll need to dig into their docs to see how to configure the API to just use the User Pool.