Posted On: Dec 14, 2017

You can now define and require OAuth2 scopes as part of the method-level authorization when using an Amazon Cognito Authorizer in Amazon API Gateway. This simplifies building APIs that support Cognito OAuth2 scopes by removing the need to create an AWS Lambda function that performs the authorization. A scope defines the level of access to a resource that an application is permitted to have. For example, if you have a resource server for storing photos, you could define two scopes: one for read access to the photos and one for write/delete access. You can require applications to request access to your APIs by including a token with one or more scopes embedded inside it. API Gateway then uses the scopes in that token to determine whether the API caller is authorized to access the API.
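The scope comparison described above can be modelled in a few lines of Python. This is an added example, not AWS code: the `photos/read` and `photos/write` scope names, the method table and the sample claims are hypothetical, the token is assumed to be already verified (signature, expiry, issuer), and the model assumes a call is allowed when at least one scope set on the method appears in the token's space-separated `scope` claim.

```python
# Added illustration: models the scope comparison only. Signature, expiry and
# issuer checks are assumed to have been done already on the token.

# Hypothetical method -> required-scopes table for the photo example.
# Cognito custom scopes take the form "<resource-server-identifier>/<scope-name>".
METHOD_SCOPES = {
    ("GET", "/photos"): ["photos/read", "photos/write"],
    ("POST", "/photos"): ["photos/write"],
    ("DELETE", "/photos/{id}"): ["photos/write"],
}


def token_scopes(claims):
    """Return the set of scopes carried in already-verified token claims.

    An access token's `scope` claim is a space-separated string; a token
    without one (for example an ID token) yields an empty set.
    """
    scope = claims.get("scope", "")
    if not isinstance(scope, str):
        return set()
    return set(scope.split())


def is_authorized(http_method, resource, claims, table=METHOD_SCOPES):
    """Allow the call when any scope set on the method is present in the token."""
    required = table.get((http_method.upper(), resource))
    if required is None:
        return False  # unknown method: deny by default in this model
    if not required:
        return True   # no scopes set on the method: no scope requirement
    return bool(token_scopes(claims) & set(required))


def audit(calls, table=METHOD_SCOPES):
    """Evaluate (method, resource, claims) tuples and return the denied ones."""
    return [(m, r) for m, r, c in calls if not is_authorized(m, r, c, table)]


# Constructed sample claims (not real tokens).
READER = {"token_use": "access", "client_id": "example-reader", "scope": "photos/read"}
EDITOR = {"token_use": "access", "client_id": "example-editor",
          "scope": "photos/read photos/write"}
ID_TOKEN = {"token_use": "id", "email": "user@example.com"}
```

A read-only client can list photos but not upload or delete them, and a token with no `scope` claim is denied on every scoped method.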

To get started, create a Cognito Authorizer and set scopes on your methods using the Amazon API Gateway Management Console, AWS CLI, or SDKs and APIs. Visit our documentation to learn more.

This feature is now available in US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), EU (London), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Seoul), and Asia Pacific (Mumbai) AWS regions. Visit our product page for more information about Amazon API Gateway.