REST Gateway does not forward Cognito authenticated user identification to lambda function #24369

BenKfm · 2023-02-28T13:49:22Z

BenKfm
Feb 28, 2023

Hi,

straight to the point: i can authenticate at the gateway using cognito, but the triggered lambda function does not contain identity information of the authenticated user. I already tried with different lambda functions (rust and nodejs) and the outcome is the same, so i guess it is some small detail in my stack definition that i just cannot find...

Here is the culprit:

export class MainStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const cognito_user_pool = new cogn.UserPool(this, "user_pool", {
      userPoolName: "user_pool",
    });

    const cognito_user_pool_client = cognito_user_pool.addClient("app_client", {
      authFlows: {
        userSrp: true,
        custom: true,
      },
    });

    new IdentityPool(this, "identity_pool", {
      identityPoolName: "identity_pool",
      authenticationProviders: {
        userPools: [
          new UserPoolAuthenticationProvider({
            userPool: cognito_user_pool,
            userPoolClient: cognito_user_pool_client,
          }),
        ],
      },
    });

    const cognito_auth = new apigw.CognitoUserPoolsAuthorizer(
      this,
      "cognito_auth",
      { cognitoUserPools: [cognito_user_pool] }
    );

    const restApi = new apigw.RestApi(this, "HttpApi", {
      deployOptions: { tracingEnabled: true },
    });

    const endpoint = restApi.root.addResource("test");
    endpoint.addMethod("GET", new apigw.LambdaIntegration(lambda_function), {
      authorizer: cognito_auth,
      authorizationType: apigw.AuthorizationType.COGNITO,
    });
  }
}

Any help appreciated!

Answered by BenKfm

Apr 16, 2023

The user identity can be found in the request_context, not lambda_context like this:

    match request.request_context() {
        RequestContext::ApiGatewayV1(context) => {
            println!("{:?}", context.identity);
        }
    }

View full answer

BenKfm · 2023-04-16T08:10:19Z

BenKfm
Apr 16, 2023
Author

The user identity can be found in the request_context, not lambda_context like this:

    match request.request_context() {
        RequestContext::ApiGatewayV1(context) => {
            println!("{:?}", context.identity);
        }
    }

0 replies

2023-12-01T20:53:03Z

github-actions[bot]
bot Dec 1, 2023

Hello! Reopening this discussion to make it searchable.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

REST Gateway does not forward Cognito authenticated user identification to lambda function #24369

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

REST Gateway does not forward Cognito authenticated user identification to lambda function #24369

Uh oh!

Uh oh!

BenKfm Feb 28, 2023

Replies: 2 comments

Uh oh!

Uh oh!

BenKfm Apr 16, 2023 Author

Uh oh!

github-actions[bot] bot Dec 1, 2023

BenKfm
Feb 28, 2023

BenKfm
Apr 16, 2023
Author

github-actions[bot]
bot Dec 1, 2023