Does anybody have an example of granting cognito I...
# help
p
Does anybody have an example of granting Cognito IAM auth permissions to an AppSync API? I have tried a few options and I keep getting 401s when doing queries.
a
what are you trying to do? If you’re authenticating users you probably need JWT. If you’re authorising AWS resources for unauthenticated users then you might need to use an identity pool in the mix. I just started exploring Cognito so here’s my 2 cents.
p
I was hoping to use a Cognito identity pool federated through Auth0. I'd rather use IAM internally to AWS instead of validating JWTs.
I had a JWT authorizer working, but giving IAM a go.
a
From what I’ve read and understood so far, I think IAM was not intended for authentication but for authorization. Cognito is messy lol.
p
Right, my intention is to use IAM for authorization and Auth0 for Authentication.
a
okay, so you have an identity pool configured and attached to the SST Auth construct and a user pool which federates to Auth0 via OIDC?
p
Yeah, exactly
I’m thinking my issue might be on the frontend
Not sending the correct credentials. I’m using the Amplify libraries, but I don’t see any headers with tokens being passed
a
oh, that makes sense, all authenticated requests would have an authorization header.
s
@Patrick Gold yep, I’m using AppSync in a Lambda func to make some mutations.. so it uses IAM auth. I can dig up my code examples & PM you if you’d like
p
Would be super helpful - thank you @Sam Hulick