Setting up Authentication for the Microservice
Right now, if you click the Go! button on the web site without entering a city to filter on, you will see a dialog with all available trips. We want to change this behaviour so that you must be logged in to search for all trips without a filter. This is just an example to demonstrate how we could limit certain API calls to authenticated users only.
Unauthorized (401)
panel and open it.
In the Response Headers section, add in the following two header/value pairs:
Header name | 'static value' |
---|---|
Access-Control-Allow-Origin | '*' |
Access-Control-Allow-Headers | '*' |
You must provide the single quotes around the static value as shown above. Don't provide * by itself; surround it with single quotes as shown. Make sure that there is no trailing space after the header name if you copy/paste from the lab CloudFormation values.
401
panel to commit the changes.
API Gateway integrates tightly with Cognito for authorization. You simply need to declare your Cognito User Pool as an authorizer for your API.
TravelBuddy
Cognito
TravelBuddy
entry from the drop-down list for Cognito User Pool by first clicking inside the text entry field.
Authorization
and note that spelling and capitalization are important.
/trips
TravelBuddy
. This is the authorizer we created in the previous step, and links to the Cognito User Pool we are using for our user database. If it does not appear, try refreshing your browser.
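
The console settings described above (the two CORS headers on the Unauthorized (401) gateway response, and a Cognito User Pool authorizer named TravelBuddy that reads the Authorization header) can also be written as a CloudFormation template. This is an added example, not part of the lab's own template; the parameter names and resource logical IDs are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - 401 gateway response with CORS headers and a Cognito authorizer

Parameters:
  RestApiId:            # assumption: ID of the existing REST API
    Type: String
  UserPoolArn:          # assumption: ARN of the Cognito User Pool used for sign-in
    Type: String

Resources:
  # Adds the CORS headers to the response API Gateway itself returns when a
  # request is rejected as unauthenticated.
  UnauthorizedResponse:
    Type: AWS::ApiGateway::GatewayResponse
    Properties:
      RestApiId: !Ref RestApiId
      ResponseType: UNAUTHORIZED
      StatusCode: '401'
      ResponseParameters:
        # Static values keep their own single quotes inside the YAML string.
        # '*' is the lab's value; a specific origin can be substituted to
        # restrict which sites may read the 401 response.
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"

  # Declares the Cognito User Pool as an authorizer for the API.
  TravelBuddyAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      RestApiId: !Ref RestApiId
      Name: TravelBuddy
      Type: COGNITO_USER_POOLS
      # Token source: the header name is matched exactly as spelled here.
      IdentitySource: method.request.header.Authorization
      ProviderARNs:
        - !Ref UserPoolArn

Outputs:
  # The method on /trips that should require login sets
  # AuthorizationType: COGNITO_USER_POOLS and AuthorizerId to this value.
  AuthorizerId:
    Value: !Ref TravelBuddyAuthorizer
```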