Hi team, I a little new to SST. Could I understand when I should use IAM vs JWT for the API Authorizer? My use case is that I want users to sign up with Cognito user/identity pool. I also have custom attributes for each user, such as

userID

and

departmentID

which I need to receive after the authorisation in the API

event

object of API handler. I have tried using "IAM" as the Auth option, but I am not getting any custom attributes in my

event

object. Could someone advise on what is the best way to approach this?

Great question, I was about to ask the same thing. Looking forward for replies.

Hey @Harish Venkatesan, we’d recommend to go with JWT, unless u want ur frontend users interact with AWS resources directly, ie. frontend users querying DynamoDB table directly.

Hey @Frank, I read that user pools provide authentication and identity pools provide authorisation - hence is why I thought I needed Identity Pool as well. Thanks for the recommendation to go with JWT. I have a few questions: 1. With JWT auth, after user logs in to my frontend (FE), they will be issued a JWT with all the attributes, including custom attributes? Does that mean where I configure routes requiring authorisation, the

event

object in the handler will receive the auth attributes as well? 2. Currently, I am using the Amplify Auth library to sign in users directly from FE. With this JWT method, is this still possible? 3. I am trying to use SST Beta v1 release as there are breaking changes in the constructs. Could you share an example or reference of how to setup JWT auth in SST with custom attributes?