This is a step by step tutorial to configure Cognito User Pool as the authorizer for REST API in AWS. The focus is on creating a Resource Server a.k.a OAuth server in the Cognito User Pool to create custom OAuth scopes and protect the REST API endpoint using those OAuth scopes.
For those who like text, please check out this blog post - selvamsubbiah.com/how-to-integrate-api-gateway-and-cognito-user-pool-with-custom-oauth-scopes/
We will create a REST API using AWS Lambda and API Gateway, integrate it with Cognito User Pool and create custom OAuth scopes to authenticate and authorize the REST API endpoints.
Below are the steps to setup the REST API and OAuth authorization using Cognito User Pool -
1. Create a AWS Lambda function
2. Create a REST API in AWS API Gateway
3. Create a Cognito User Pool
4. Create a Resource Server and define custom scopes
5. Update the App Client with the custom scopes
6. Create an Authorizer in API Gateway
7. Configure the Authorizer and the custom OAuth scope for the API
8. Create a user in the Cognito User Pool
9. Test the API endpoint