I have set up APIs and I am trying to use an AWS Cognito User Pool for authorization and authentication. I am using a custom domain in Cognito (let's say: http://test-auth.abc.com). The domain name for the API is (let's say): http://test-api.abc.com. I am using Postman and cURL to test these API endpoints.
When I don't select/check "Allowed Custom Scopes", the API tests work with the id_token.
But when I select "Allowed Custom Scopes" and use the access token, I get an "Unauthorized" error. (I use this scope in the API Gateway OAuth Scopes and I re-deployed the API before testing.)
A few more details:
- The name of the user pool is "user-api".
- API name is "test APIs".
- The API "Authorizers" name is "api test". I picked "user-api" for Cognito.
- Cognito >> Resource Servers >> identifier : http://test-api.abc.com
- Scopes: name >> users.read
Why am I getting unauthorized error? Did I supply the right identifier?
Any help is much appreciated.
Apparently, you can type any value for the "identifier".
My issue was I did not include "allowed custom scopes" along with "Allowed OAuth Scopes" in the token generation request.
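The behaviour behind both posts is that an API Gateway Cognito authorizer with OAuth scopes configured on the method validates an *access* token and requires one of those scopes in its space-separated `scope` claim, whereas with no scopes configured it validates the *ID* token, which carries no `scope` claim at all. The following added example (my own, not code from the question or answer, and not the AWS authorizer implementation) reproduces that scope check over constructed tokens so you can see exactly which claim the "Unauthorized" decision hinges on. The tokens are unsigned test data built with `make_unsigned_token`; a real Cognito token is RS256-signed and must be verified against the user pool JWKS before any claim is trusted, which this example deliberately leaves out. The resource server identifier `http://test-api.abc.com` and scope `users.read` are taken from the question.

```python
import base64
import json
import time
from typing import Optional, Set, Tuple

# Values from the question: resource server identifier + scope name.
# Cognito expresses a custom scope as "<identifier>/<scope-name>".
RESOURCE_SERVER = "http://test-api.abc.com"
REQUIRED_SCOPES = {f"{RESOURCE_SERVER}/users.read"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Constructed test data only: a JWT-shaped string with an empty signature.
    Real Cognito tokens are RS256-signed; never accept alg=none in production."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_claims(token: str) -> dict:
    """Return the payload claims. Signature verification is assumed to have
    happened already (against the pool JWKS) and is out of scope here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def authorize(token: str, required_scopes: Set[str],
              now: Optional[float] = None) -> Tuple[bool, str]:
    """Mimic the scope gate of a Cognito authorizer on a method that has
    OAuth scopes configured: needs an unexpired *access* token whose
    space-separated 'scope' claim contains at least the required scopes."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if claims.get("token_use") != "access":
        # An id_token has token_use == "id" and no 'scope' claim at all,
        # which is why it only works when no scopes are configured.
        return False, "not an access token (id_token carries no scope claim)"
    granted = set(claims.get("scope", "").split())
    missing = required_scopes - granted
    if missing:
        return False, f"missing scopes: {sorted(missing)}"
    return True, "ok"


# Constructed sample tokens (not real Cognito output).
FIXED_NOW = 1_700_000_000
ACCESS_WITH_SCOPE = make_unsigned_token({
    "token_use": "access", "exp": 2_000_000_000,
    "scope": f"{RESOURCE_SERVER}/users.read openid",
})
ACCESS_WITHOUT_SCOPE = make_unsigned_token({
    "token_use": "access", "exp": 2_000_000_000, "scope": "openid",
})
ID_TOKEN = make_unsigned_token({"token_use": "id", "exp": 2_000_000_000})
EXPIRED = make_unsigned_token({
    "token_use": "access", "exp": 1_600_000_000,
    "scope": f"{RESOURCE_SERVER}/users.read",
})

if __name__ == "__main__":
    for name, tok in [("access+scope", ACCESS_WITH_SCOPE),
                      ("access-no-scope", ACCESS_WITHOUT_SCOPE),
                      ("id_token", ID_TOKEN), ("expired", EXPIRED)]:
        print(name, authorize(tok, REQUIRED_SCOPES, now=FIXED_NOW))
```

The `access-no-scope` case is the situation in the answer: the token request did not ask for the custom scope, so Cognito issued an access token without it and the authorizer rejected the call even though the token itself was valid.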