how to use the access token for http api calls to lambdas with cognito authorisers? #127

Open
amitm02 opened this issue Aug 7, 2018 · 3 comments

amitm02 commented Aug 7, 2018

Hi,
Thanks for the library. While I managed to obtain a user access token, I failed to understand how to use it with HTTP requests to Lambdas that use Cognito authorisers.

Thanks

haoxu13 commented Nov 12, 2018

Hi, I have finally figured out how to do it. After obtaining the access token (or ID token), you should send the request with header Authorization and the token you just obtained to your endpoint. In my case the ID token works but the access token doesn't; it will be appreciated if someone can tell me the difference between the two tokens.

ref: aws doc

@chaithraraja

Can anyone please share a project with this warrant library & Cognito?

u9E9F commented Feb 18, 2019

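The sample code looks like this (thanks to @haoxu13's answer):

```python
import pprint

import requests
from warrant import Cognito

user_pool_id = ''
app_client_id = ''

# Authenticate against the user pool; this populates the token attributes on u
u = Cognito(user_pool_id, app_client_id, username='')
u.authenticate(password='')

with requests.Session() as s:
    # Send the ID token in the Authorization header, as described in @haoxu13's answer
    s.headers.update({'Authorization': 'Bearer {}'.format(u.id_token)})
    response = s.get(
        'https://<service>.execute-api.us-west-2.amazonaws.com/api/'
    )
    if response.ok:
        pprint.pprint(response.json())
```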

> and the token you just obtained to your endpoint. In my case id token works but access token doesn't, it will be appreciated if someone can tell me the difference between the two tokens.

From the ref, you can see that "The ID Token contains claims about the identity of the authenticated user such as name, email, and phone_number.", and "The Access Token grants access to authorized resources". I feel the access token is a token mainly used in authorization rather than authentication. To claim who you are, we need to use the ID token (I think). (Like the access token will be used by the server to determine what resources you can actually access.) (I might have misunderstood, but that's how I feel after reading the ref and associated RFC sections.)

ref: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
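
Added example, not part of the thread or of the warrant project: a small inspector that decodes a Cognito JWT payload and reports which kind of token it is. Cognito marks ID tokens with `token_use: id` and an `aud` claim, and access tokens with `token_use: access` plus `client_id` and `scope`; an API Gateway Cognito authorizer on a method with no OAuth scopes configured expects the ID token, which is consistent with the behaviour reported above. The function names and the sample tokens are constructed for illustration.

```python
import base64
import json


def make_sample_jwt(claims):
    """Build a constructed JWT-shaped string (placeholder signature) for this demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return "{}.{}.constructed-signature".format(enc({"alg": "RS256"}), enc(claims))


def jwt_claims(token):
    """Decode the payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_token(token):
    """Summarise which kind of Cognito token this is and what it carries."""
    claims = jwt_claims(token)
    kind = claims.get("token_use")
    if kind not in ("id", "access"):
        raise ValueError("unexpected token_use: {!r}".format(kind))
    return {
        "token_use": kind,
        # ID tokens name the app client in "aud", access tokens in "client_id"
        "client": claims.get("aud") if kind == "id" else claims.get("client_id"),
        "scopes": claims.get("scope", "").split(),
        "identity_claims": sorted(
            k for k in ("name", "email", "phone_number") if k in claims),
    }


# Constructed sample claims; real tokens come from u.id_token / u.access_token
SAMPLE_ID = make_sample_jwt({
    "token_use": "id", "aud": "example-client-id",
    "cognito:username": "alice", "email": "alice@example.com"})
SAMPLE_ACCESS = make_sample_jwt({
    "token_use": "access", "client_id": "example-client-id",
    "username": "alice", "scope": "aws.cognito.signin.user.admin"})

if __name__ == "__main__":
    for sample in (SAMPLE_ID, SAMPLE_ACCESS):
        print(describe_token(sample))
```

Use this only to see what a token contains while debugging a 401 from the authorizer; the service that accepts the token must still verify its signature, issuer, expiry and `token_use`.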
