Gabriel
05/30/2022, 12:58 PM
const api = new sst.Api(this, "Api", {
defaultAuthorizer: new apigAuthorizers.HttpUserPoolAuthorizer("Authorizer", userPool, {
userPoolClients: [userPoolClient],
}),
defaultAuthorizationType: sst.ApiAuthorizationType.JWT,
to:
new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "user_pool",
userPool: {
id: userPool.userPoolId,
clientIds: [userPoolClient.userPoolClientId],
}
},
},
defaults: {
authorizer: "Authorizer",
},
and now I'm getting an error:
Bearer scope="" error="invalid_token" error_description="the token does not have a valid audience"
The thing is that the token does have an `aud` claim (and the old example worked fine).
Any clues on how to solve this?
Gabriel
05/30/2022, 1:28 PM
new Api(stack, "Api", {
authorizers: {
MyAuthorizer: {
type: "jwt",
jwt: {
issuer: "<https://myorg.us.auth0.com>",
audience: ["UsGRQJJz5sDfPQDs6bhQ9Oc3hNISuVif"],
}
},
},
defaults: {
authorizer: "MyAuthorizer",
},
Gabriel
05/30/2022, 1:37 PM
const userPool = cognito.UserPool.fromUserPoolId(
this,
"IUserPool",
"us-east-1_abcd"
);
const userPoolClient = cognito.UserPoolClient.fromUserPoolClientId(
this,
"IUserPoolClient",
"123456asd"
);
new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "user_pool",
userPool: {
id: userPool.userPoolId,
clientIds: [userPoolClient.userPoolClientId],
}
},
},
defaults: {
authorizer: "Authorizer",
},
thdxr
05/30/2022, 1:42 PM
Frank
new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "user_pool",
userPool: {
id: "us-east-1_abcd",
clientIds: ["123456asd"],
}
},
},
defaults: {
authorizer: "Authorizer",
},
and see if you get the same behavior?
Gabriel
05/31/2022, 8:51 AM
Frank
sst build
> go into .sst/cdk
> open up the template file for the stack > search for AWS::Cognito::UserPoolClient
Frank
Frank
Gabriel
06/01/2022, 10:36 AM
"ApiApiApiAuthorizermyAuthorizerUserPoolUserPoolAuthorizerClientEF12345": {
"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
"UserPoolId": "us-east-1_abcd",
"AllowedOAuthFlows": [
"implicit",
"code"
],
"AllowedOAuthFlowsUserPoolClient": true,
"AllowedOAuthScopes": [
"profile",
"phone",
"email",
"openid",
],
"CallbackURLs": [
"<https://example.com>"
],
"SupportedIdentityProviders": [
"COGNITO"
]
},
"Metadata": {
"aws:cdk:path": "dev-mystack-sst-yarn-app-dev-stack/Api/Api-Api-Authorizer-myAuthorizer-UserPool/UserPoolAuthorizerClient/Resource"
}
},
Gabriel
06/02/2022, 9:19 AM
Authorizer: {
type: "user_pool",
userPool: {
id: userPool.userPoolId,
**clientsIds**: [userPoolClient.userPoolClientId],
},
},
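Thanks for pointing me to the template, that let me dig deeper. The key highlighted above is misspelled (`clientsIds` instead of the `clientIds` used in the other snippets), so it looks like my existing client ID never reached the authorizer and the AWS::Cognito::UserPoolClient generated in the template became the audience it accepts; that would explain why a token with a perfectly good `aud` from my own client was still rejected.
Also I found that you can still do it the "old" way
(there is just no example of it in the docs or the migration guide)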
Authorizer: {
type: "user_pool",
cdk: { authorizer: new apigAuthorizers.HttpUserPoolAuthorizer("Authorizer", userPool, { userPoolClients: [userPoolClient],
}),