# help
f
Hi all, I have a couple of api routes defined as follows:
```ts
const api = new Api(this, "Api", {
    routes: {
        "GET /skills": skillsSyncFunction
    },
});
```
I want to secure these so that the client needs a bearer token before making a request. My access token has the following fields:
{ 'AccessToken': 'eyJ...', 'ExpiresIn': 300, 'TokenType': 'Bearer', 'IdToken': 'eyJ...' }
What would be the correct way to set up auth? I tried this but it failed:
```ts
const api = new Api(this, "Api", {
    defaultAuthorizationType: ApiAuthorizationType.JWT,
    defaultAuthorizer: new HttpUserPoolAuthorizer({
        'userPool': env['AWS_USER_POOL'],
        'userPoolClient': env['AWS_CLIENT_ID']
    }),
    routes: {
        "GET /skills": skillsSyncFunction
    },
});
```
However this threw an error message:
```
ApiUserPoolAuthorizer6F4D9292 Caught exception when connecting to https://cognito-idp.eu-west-2.amazonaws.com/undefined/.well-known/openid-configuration for issuer https://cognito-idp.eu-west-2.amazonaws.com/undefined. Please try again later. Error: Invalid issuer: https://cognito-idp.eu-west-2.amazonaws.com/undefined. Issuer must have a valid discovery endpoint ended with '/.well-known/openid-configuration' (Service: AmazonApiGatewayV2; Status Code: 400; Error Code: BadRequestException; Request ID: 0000; Proxy: null)
```
Could someone please guide me on how I could get auth working with API endpoints? The rest seems to all work very well.
g
Looks like you are not setting up the authorizer correctly. The values you pass in for userPool should be the CDK userPool and the CDK userPoolClient. See: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigatewayv2-authorizers.UserPoolAuthorizerProps.html Basically need to do something similar to this:
```ts
const auth = new Auth(this, ...)

const api = new Api(this, "Api", {
   defaultAuthorizer: new HttpUserPoolAuthorizer({
      userPool: auth.cognitoUserPool,
      userPoolClient: auth.cognitoUserPoolClient
   }),
   ...
})
```
f
Thanks Garrett! I will try this
@Garret Harp, It seems I need to create a new userpool etc. Would there be a way to do this using an existing user pool id and client id? I have these stored as strings in my env? EDIT: Seems like I can
```ts
const pool = cognito.UserPool.fromUserPoolId(this, 'name', 'id');
```