Datomic Ions Using Cognito User Pool APIGateway Authorizer


#1

Hi friends, I need to add authorization to my ions delivered as API Gateway endpoints.

I went through all the aws docs and can confirm my iOS frontend is working and receiving data. Now on the server side I need to determine which user from the cognito user pool made the request.

Lets say i’ve got :member/phone as a unique schema attribute, and in my cognito user pool claims I have the :phone_number claim required for all my users. When trying to figure out how to link up the request initiator and their user in my datomic database I found these nested keys in the request that contain the phone number.

(get-in request [:datomic.ion.edn.api-gateway/data :requestContext :authorizer :claims :phone_number])

I also read a few months ago that there used to be a key called :datomic.ion.edn/api-gateway-request and when someone else asked about it they were told it wasn’t stable and one of the next releases would contain the proper documentation for the keys. That was back in june of 2018.

The key that I found is actually different from the one in June, but I’ve been unable to find any documentation on it. Is this stable? Is it documented somewhere I missed? Is there a correct way to grab the cognito claims?

Looking for guidance from the Datomic team about what the current state of the cognito claims information in the ion web request object is and what is considered stable or not.

Thanks,

Joe.


#2

Hi @jplane,

Thank you for catching this! The two keys you’re looking for are datomic.ion.edn.api-gateway/json and datomic.ion.edn.api-gateway/data.

I’ve updated our documentation here to reflect the keys as they were undocumented. More information on key values can reviewed in the Amazon API Gateway Developer Guide.

Cheers,
Jaret