
I have a SwaggerHub definition and I want to use the 'Try it out' function to pull data from my API Gateway page. This API is restricted using a Cognito Authorizer.

Currently I have created a separate web page where I log into my Cognito UserPool and then it returns the id_token. I then copy this value and paste it into my SwaggerHub definition in the Authorization header value each time I make a call.

Is there a way I can do the authorisation directly from SwaggerHub rather than having to get the id token from another method first?

Helen
Mark Hayward
    I would suggest contacting [SwaggerHub support](https://support.smartbear.com/message/?prod=SwaggerHub) for a workaround or solution. – Helen Jul 20 '18 at 10:05

2 Answers


Yes you can, using security schemes. See https://swagger.io/docs/specification/authentication/.

See https://app.swaggerhub.com/apis/kanjih-ciandt/dsco-platform_api/3.0 for oauth2 example. It's not my API but one I found searching on SwaggerHub.

Rakesh

I've managed to set it up in our project and it's working fine even with MFA.

Just follow these steps:

In the swagger definition (OpenAPI 3.0):

components:
  securitySchemes:
    cognito:
      type: oauth2
      description: Using Cognito oAuth
      flows:
        authorizationCode:
          authorizationUrl: 'https://YOUR_DOMAIN.auth.YOUR_REGION.amazoncognito.com/oauth2/authorize'
          tokenUrl: 'https://YOUR_DOMAIN.auth.YOUR_REGION.amazoncognito.com/oauth2/token'
          refreshUrl: 'https://YOUR_DOMAIN.auth.YOUR_REGION.amazoncognito.com/oauth2/token'
          scopes:
            phone: 'Phone access'
            email: 'Email access'
            YOUR_SCOPES: 'CUSTOM SCOPES'

For it to work, you have to add the swaggerHub callback url in the configuration of the Cognito client you are using, which is: https://app.swaggerhub.com/oauth2_redirect

Then you can get the token directly from SwaggerHub, using the client_id and client_secret of your client, and you will be redirected to the login page, and then redirected back to swagger with the auth token.

David Gallardo
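As an added illustration (not part of the answer above or of SwaggerHub's own code), this builds the two requests of the authorization-code flow that SwaggerHub performs against the Cognito endpoints named in that security scheme, using hypothetical domain, region, client and code values; the exact-match check shows why the callback URL has to be registered on the app client verbatim.

```python
"""Authorization-code exchange against the Cognito hosted-UI endpoints.
Hypothetical values only; nothing here touches the network."""
import base64
import secrets
from urllib.parse import urlencode

# The callback SwaggerHub uses; Cognito compares redirect URIs byte-for-byte.
SWAGGERHUB_CALLBACK = "https://app.swaggerhub.com/oauth2_redirect"


def cognito_base(domain: str, region: str) -> str:
    # Same host pattern as authorizationUrl / tokenUrl in the definition.
    return f"https://{domain}.auth.{region}.amazoncognito.com"


def redirect_uri_allowed(redirect_uri: str, registered: list[str]) -> bool:
    """Exact-match check mirroring the app client's callback list:
    scheme, host, path and any trailing slash must all agree."""
    return redirect_uri in registered


def build_authorize_url(domain, region, client_id, scopes, redirect_uri, state=None):
    """Step 1: the URL the browser is sent to (the login page the answer mentions).
    'state' binds the callback to this session and must be checked on return."""
    state = state or secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    }
    return f"{cognito_base(domain, region)}/oauth2/authorize?{urlencode(params)}", state


def build_token_request(domain, region, client_id, client_secret, code, redirect_uri):
    """Step 2: (url, headers, form body) for POST /oauth2/token. A confidential
    client sends client_id:client_secret as HTTP Basic credentials, never in the URL."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the value used at /authorize
    }
    return f"{cognito_base(domain, region)}/oauth2/token", headers, body
```

The JSON response to the token POST carries id_token, access_token and refresh_token; the id_token is the value the question was pasting into the Authorization header by hand.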