AWS Cognito Authentication API Integration

Question

AWS Cognito Authentication API Integration

Can we integrate AWS cognito to authenticate API calls to our back-end server? I was planning on using a cognito access token that would be provided to the reverse proxy to generate JWT at cost for external microservices. But I couldn't find any method to check the AWS token for validity. Any suggestions?

Thank:)

+3

api amazon-web-services jwt amazon-cognito

skwalker May 20 '15 @ 7:24 am

source to share

1 answer

Bob kinney · Accepted Answer · 2015-05-25T07:21:17+0000

Amazon Cognito was not designed to secure built-in developer APIs, and I would caution you against only using the Amazon Cognito token to secure your API.

Thus, the specified Amazon Cognito token is a regular JWT signed using asymmetric encryption. This thread on the AWS forums has some sample C # code that another client was able to use to validate a token.

Update 2015-07-09 AWS announced Amazon API Gateway . Using an API gateway, you can create a REST interface for your existing API (or AWS Lamdba functions), protected by credentials obtained from Amazon Cognito authflow. See this blog post for more details on the details.

AWS Cognito Authentication API Integration

More articles: