In my Android project, I use the AWS SDK to register users thanks to Cognito and call APIs in API Gateway. In my Cognito user pool, I created a user pool group. The purpose of that group is to only allow the users in that group to call a specific API.
In order to make it work, I tried to follow this tutorial (especially the video). So I created a Cognito authorizer, added it to my method request in API Gateway, and tried to call the API from my app using the AWS SDK:
@Service(endpoint = "https://abcdefghig.execute-api.eu-central-1.amazonaws.com/staging")
public interface AwsdemoapiClient
{
    @Operation(path = "/test-api", method = "GET")
    Empty testApiGet();
}
The problem is: whether the user is authenticated or not, and in the group or not, I always get the following error when I call testApiGet() in my app: 401 Unauthorized, even if I have the right authorization in my IAM roles. After some research, it looks like the id token is missing, which could be the reason why I get that error.
But isn't it supposed to be automatically managed by the AWS SDK for Android? How can I fix that?
Thanks for your help.
Sending the id token in the header actually solved the problem:
@Service(endpoint = "https://abcdefghig.execute-api.eu-central-1.amazonaws.com/staging")
public interface AwsdemoapiClient
{
    @Operation(path = "/test-api", method = "GET")
    Empty testApiGet(@Parameter(name = "Authorization", location = "header") String idToken);
}
You can get the id token by calling the following function:
CognitoUserPool pool = new CognitoUserPool(context, userPoolId, clientId, clientSecret, region);
pool.getCurrentUser().getSessionInBackground(...);
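One way to wire the two snippets above together, as an added example that is not part of the original answer. The class name `TestApiCaller` and its structure are assumptions; `AwsdemoapiClient` is the interface from the answer, in the version that takes the `Authorization` header parameter.

```java
import android.content.Context;
import android.util.Log;
import com.amazonaws.mobileconnectors.apigateway.ApiClientFactory;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.*;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.*;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.handlers.AuthenticationHandler;
import com.amazonaws.regions.Regions;

// Hypothetical helper: fetches the cached Cognito session and calls the API with its ID token.
public class TestApiCaller implements AuthenticationHandler {
    private final AwsdemoapiClient client = new ApiClientFactory().build(AwsdemoapiClient.class);
    private final CognitoUserPool pool;

    public TestApiCaller(Context context, String userPoolId, String clientId,
                         String clientSecret, Regions region) {
        pool = new CognitoUserPool(context, userPoolId, clientId, clientSecret, region);
    }

    // Loads the cached session; the SDK refreshes expired tokens when it can.
    public void call() {
        pool.getCurrentUser().getSessionInBackground(this);
    }

    @Override
    public void onSuccess(CognitoUserSession session, CognitoDevice newDevice) {
        // The Cognito authorizer validates the ID token (a JWT). Keep it out of logs.
        final String idToken = session.getIdToken().getJWTToken();
        // Run the HTTP call on a worker thread so it never blocks the main thread.
        new Thread(new Runnable() {
            @Override public void run() {
                try { client.testApiGet(idToken); }
                catch (Exception e) { onFailure(e); }
            }
        }).start();
    }

    // These callbacks fire when there is no valid cached session: the user has to
    // sign in interactively first, so there is no token and the API is not called.
    @Override public void getAuthenticationDetails(AuthenticationContinuation c, String userId) { signInRequired(); }
    @Override public void getMFACode(MultiFactorAuthenticationContinuation c) { signInRequired(); }
    @Override public void authenticationChallenge(ChallengeContinuation c) { signInRequired(); }

    private void signInRequired() { onFailure(new IllegalStateException("sign-in required")); }

    @Override
    public void onFailure(Exception e) {
        Log.w("TestApiCaller", "testApiGet not completed: " + e.getMessage());
    }
}
```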