Cognito Authorizer

Cognito authorizers are also supported by setting the type to :cognito_user_pools. Example:

class MainAuthorizer < ApplicationAuthorizer
  authorizer(
    name: "MyCognito", # <= name is used as the "function" name
    identity_source: "Authorization", # maps to method.request.header.Authorization
    type: :cognito_user_pools,
    provider_arns: [
      "arn:aws:cognito-idp:us-west-2:112233445566:userpool/us-west-2_DbXaf8jP7",
    ],
  )
  # no lambda function
end

Notice how there’s no method defined underneath the authorizer declaration in the example. Cognito authorizers do not have Lambda functions associated with them unlike Lambda authorizers.

Connecting to Routes

To connect the Cognito Authorizer to an ApiGateway Method use the authorizer property on a route. Example:

config/routes.rb:

Jets.application.routes.draw do
  # main#my_cognito => MainAuthorizer with the name MyCognito in app/authorizers/main_authorizer.rb
  get "hello", to: "posts#index", authorizer: "main#my_cognito"
  # ...
end

Since there is no Lambda function associated with the Cognito Authorizer, Jets uses the name of the authorizer itself. You provide the underscored version of the name.

Authorizer in Controllers

Cognito authorizers also can be set in the controller instead of the routes.rb file. Example:

class PostsController < ApplicationController
  authorizer "main#my_cognito" # protects all actions in the controller
end

Setting the authorizer in the controller is just syntactical sugar. Ultimately, the authorizer is still set at the API Gateway Method Resource.

Pro tip: Use the <- and -> arrow keys to move back and forward.

Edit this page

See a typo or an error? You can improve this page. This website is available on GitHub, and contributions are encouraged and welcomed. We love pull requests from you!