Is it possible to make an http api authorizer limit routes to users that are in an "Admin" group in cognito or would I need to check their group in the actual lambda function?
I think this is possible with a Custom authorizer.. not sure if the JWT authorizer supports this out of the box
just my gut feeling… haven’t done something like this… 😁
Figured that might be the case, thanks for the input
Frank’s right, your Lambda function would have to check the claims. A custom authorizer might be able to do it… but if I’m not mistaken, a custom authorizer is powered by a Lambda function, so it may or may not be worth doing that
Yes, a custom authorizer is basically a Lambda in which you can implement your custom logic; we use it to verify the JWT and do other checks too.
With the auth example for cognito on What does making defaultAuthorizationScopes = ['', ''] do? Not sure I understand what the docs say about it.
I haven’t tried using JWT with Cognito user pool, but here’s what I gather from reading the doc
API Gateway allows or denies requests based on token validation, and optionally, scopes in the token. If you configure scopes for a route, the token must include at least one of the route’s scopes.