
In my Android project, I use the AWS SDK to register users thanks to Cognito and call APIs in API Gateway. In my Cognito user pool, I created a user pool group. The purpose of that group is to only allow the users in that group to call a specific API.

In order to make it work, I tried to follow this tutorial (especially the video). So I created a Cognito authorizer, added it to my method request in API Gateway, and tried to call the API from my app using the AWS SDK:

@Service(endpoint = "https://abcdefghig.execute-api.eu-central-1.amazonaws.com/staging")
public interface AwsdemoapiClient
{
    @Operation(path = "/test-api", method = "GET")
    Empty testApiGet();
}

The problem is: whether the user is authenticated or not, and in the group or not, I always get the following error when I call testApiGet() in my app: 401 Unauthorized, even if I have the right authorization in my IAM roles. After some research, it looks like the id token is missing, which could be the reason why I get that error.

But isn't it supposed to be automatically managed by the AWS SDK for Android? How can I fix that?

Thanks for your help.

matteoh

1 Answer


Sending the id token in the header actually solved the problem:

@Service(endpoint = "https://abcdefghig.execute-api.eu-central-1.amazonaws.com/staging")
public interface AwsdemoapiClient
{
    @Operation(path = "/test-api", method = "GET")
    Empty testApiGet(@Parameter(name = "Authorization", location = "header") String idToken);
}

You can get the id token by calling the following function:

CognitoUserPool pool = new CognitoUserPool(context, userPoolId, clientId, clientSecret, region);
pool.getCurrentUser().getSessionInBackground(...);
matteoh
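
A pre-flight check for the token that the answer sends in the Authorization header, as an added example that is not part of the original post or of the AWS SDK: it decodes the JWT payload and reports whether a token is present, whether it is an ID token, whether it has expired, and whether it carries a given group. The class and method names (`IdTokenCheck`, `precheck`, `sampleToken`) are hypothetical, the sample token is constructed, and the code assumes the standard Cognito claims `token_use`, `exp` and `cognito:groups` and that the authorizer expects an ID token, as in the answer.

```java
import android.util.Base64;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Client-side diagnostic only: reads claims, does NOT verify the signature. */
public final class IdTokenCheck {
    private static final int B64 = Base64.URL_SAFE | Base64.NO_PADDING | Base64.NO_WRAP;

    /** Returns null when nothing looks wrong with the token, else a short reason. */
    public static String precheck(String jwt, String requiredGroup, long nowSeconds) {
        if (jwt == null || jwt.isEmpty()) return "no token: the Authorization header would be empty";
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) return "not a JWT (expected header.payload.signature)";
        try {
            String json = new String(Base64.decode(parts[1], B64), StandardCharsets.UTF_8);
            JSONObject claims = new JSONObject(json);
            String use = claims.optString("token_use");
            if (!"id".equals(use)) return "token_use is '" + use + "', not 'id'";
            if (claims.optLong("exp", 0) <= nowSeconds) return "token has expired";
            JSONArray groups = claims.optJSONArray("cognito:groups");
            for (int i = 0; groups != null && i < groups.length(); i++) {
                if (requiredGroup.equals(groups.optString(i))) return null;
            }
            // How the group is enforced server-side is outside this sketch;
            // this only reports what the token itself carries.
            return "token does not list group '" + requiredGroup + "'";
        } catch (JSONException | IllegalArgumentException e) {
            return "payload is not base64url-encoded JSON: " + e.getMessage();
        }
    }

    /** Constructed sample token with a fake signature, for trying precheck() offline. */
    static String sampleToken(String tokenUse, long exp, String... groups) throws JSONException {
        JSONObject claims = new JSONObject()
                .put("token_use", tokenUse)
                .put("exp", exp)
                .put("cognito:groups", new JSONArray(Arrays.asList(groups)));
        return b64("{\"alg\":\"RS256\"}") + "." + b64(claims.toString()) + ".constructed-signature";
    }

    private static String b64(String s) {
        return Base64.encodeToString(s.getBytes(StandardCharsets.UTF_8), B64);
    }
}
```

In the success callback of `getSessionInBackground`, pass `userSession.getIdToken().getJWTToken()` together with `System.currentTimeMillis() / 1000` and log the result before calling `testApiGet`.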