AWS Cognito Rejects Existing User, Only Allows New Users


I migrated from AWS SAM to Serverless Framework. In the process I moved from us-east-2 to us-east-1. Cognito is still on us-east-2, the new lambdas are on us-east-1. I don't believe this is the issue, but I'm just starting with this.

Right now, on my site, I can successfully create an account and log in/log out with that account. However, if I try to log in with an existing user, it errors with:

An error occurred (NotAuthorizedException) when calling the GetUser operation: Access Token has been revoked

I'm really at a loss for why this is happening as the new users are going into the same existing Cognito Pool as the existing users. They are hitting the same exact endpoints, going through the same Cognito flow, and being accessed from the same pool.

I am using AWS-Amplify on the front end to generate the token like so:

import { Auth } from 'aws-amplify'
import axios from 'axios'

// inside my handleAuth React component method:
async function handleAuth(userEmail, userPassword) {
  const user = await Auth.signIn(userEmail, userPassword)

  // Get the session after a successful login and pull the access token
  // (not the ID token) out of it, since the API calls GetUser with it
  const token = user.signInUserSession.getAccessToken().getJwtToken()

  // Add the token to the default headers so the endpoint can grab it
  axios.defaults.headers.common['Authorization'] = token
}

API code looks like:

import boto3

# The user pool still lives in us-east-2, so the client must target that region
client = boto3.client('cognito-idp', region_name='us-east-2')


def handler(event, context):
    # API Gateway lowercases header names; the header carries the raw access JWT
    headers = event['headers']
    access_token = headers['authorization'] if 'authorization' in headers else None
    if access_token is None:
        raise ValueError('missing Authorization header')
    return client.get_user(AccessToken=access_token)

When I put the JWT token into something like jwt.io I can see it has all the data that I want, so it seems something with the token signing is incorrect.

Last note, if I create a NEW user on the NEW API and then try to sign in with that NEW user on the OLD API, it works perfectly fine. Any idea why my new API can't process existing users?

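As an added diagnostic, not part of the original post: the script below decodes the claims of a Cognito access token offline and checks the things worth comparing before calling GetUser, namely that the issuer's region matches the region the boto3 client targets, that token_use is "access" rather than "id", that client_id is the app client the API expects, and that the token has not expired. The pool id, client id and timestamps are constructed sample values, and the token is built with a placeholder signature; the check does not verify the signature (that needs the pool's JWKS at <iss>/.well-known/jwks.json) and cannot see revocation, which is server-side state that only the GetUser call itself reports.

```python
import base64
import json
import time
from typing import Optional

# Constructed sample claims in the shape Cognito puts in an access token.
# The pool id and client id are illustrative, not values from the question.
SAMPLE_CLAIMS = {
    "sub": "11111111-2222-3333-4444-555555555555",
    "iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_EXAMPLE1",
    "client_id": "example1client2id3",
    "token_use": "access",
    "scope": "aws.cognito.signin.user.admin",
    "iat": 1_700_000_000,
    "exp": 1_700_003_600,
    "username": "alice",
}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build a compact JWS with a placeholder signature so the claim checks
    can run offline. Only the payload segment is ever read back."""
    header = b64url_encode(json.dumps({"alg": "RS256", "kid": "example-kid"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(b'placeholder-signature')}"


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token")
    return json.loads(b64url_decode(parts[1]))


def issuer_region(iss: str) -> Optional[str]:
    """Pull the region out of a Cognito issuer URL, or None if it is not one."""
    prefix = "https://cognito-idp."
    if not iss.startswith(prefix):
        return None
    return iss[len(prefix):].split(".amazonaws.com/")[0]


def check_access_token(token: str, client_region: str,
                       expected_client_id: str,
                       now: Optional[float] = None) -> list:
    """Return the list of mismatches found; an empty list means the claims are
    consistent with the client configuration (signature and revocation are
    not checked here)."""
    claims = decode_claims(token)
    problems = []

    region = issuer_region(claims.get("iss", ""))
    if region is None:
        problems.append("issuer is not a Cognito user pool: %r" % claims.get("iss"))
    elif region != client_region:
        problems.append("token issued in %s but client targets %s"
                        % (region, client_region))

    # GetUser needs the access token; the ID token decodes fine on jwt.io
    # but is rejected by the API
    if claims.get("token_use") != "access":
        problems.append("token_use is %r, GetUser needs an access token"
                        % claims.get("token_use"))

    if claims.get("client_id") != expected_client_id:
        problems.append("client_id does not match the expected app client")

    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")

    return problems


if __name__ == "__main__":
    tok = make_unsigned_jwt(SAMPLE_CLAIMS)
    print(check_access_token(tok, "us-east-2", "example1client2id3", now=1_700_000_100))
    print(check_access_token(tok, "us-east-1", "example1client2id3", now=1_700_000_100))
```

Run it against a real token by pasting the token in place of the constructed one; a non-empty list points at a configuration mismatch, while an empty list with GetUser still failing means the problem lies in what the pool knows about that token (signature, app client, or revocation), not in the client-side plumbing.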