How do I verify a Cognito user is signed in for my API?

I am looking into using amazon-cognito-identity-js with my React frontend and boto3 with my Python backend. Once I have a user signed in on the frontend, how can I send an API request to my backend and have the backend verify that the user is signed in before giving data back?

Is it the ID, access or refresh token? If so, are these JWT tokens that require a separate library to verify? Or can it be verified within boto3 to check the user's session is active?

There are 1 best solutions below

This is an example using the Serverless Framework; here the API endpoint is secured using the Cognito User Pool.

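getUsers:
  handler: src/functions/cognito/get-users.handler
  events:
    - http:
        path: get-users-data
        method: get
        cors: true
        # private: true additionally requires an API key on the request
        private: true
        # API Gateway validates the Cognito token before the handler is invoked
        authorizer:
          name: CognitoAuthorizer
          type: COGNITO_USER_POOLS
          arn:
            Fn::GetAtt: [FacialVoteUserPool, Arn]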

Then you just need to add the JWT token you got when the user authenticated to the header and send the request to the server:

 'Authorization': `Bearer ${jwt}`
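
An added example (not part of the answer above and not code from AWS or boto3) for the case the question raises, where the Python backend checks the token itself rather than relying on the API Gateway authorizer: standard-library RS256 signature verification followed by the Cognito claim checks (`exp`, `iss`, `token_use`, and `aud` or `client_id`). The toy key, `ISSUER`, `CLIENT_ID` and every function name are constructed for this example; a deployment would take the public key from the user pool's JWKS and would normally use a maintained JWT library for the signature step.

```python
import base64, hashlib, json, time

# Constructed toy RSA key (two Mersenne primes) so the example runs offline; it is NOT secure.
# A real verifier takes n and e from the pool's JWKS ({ISSUER}/.well-known/jwks.json) by "kid".
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(65537, -1, (P - 1) * (Q - 1))  # D only signs the sample token
K = (N.bit_length() + 7) // 8                     # modulus length in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"  # placeholder pool
CLIENT_ID = "example-app-client-id"                                       # placeholder client

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pkcs1_encode(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), the padding RS256 uses."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def make_sample_token(claims: dict) -> str:
    """Sign constructed claims with the toy key (stands in for Cognito)."""
    head = b64e(json.dumps({"alg": "RS256", "kid": "toy"}).encode())
    signing_input = head + "." + b64e(json.dumps(claims).encode())
    sig = pow(int.from_bytes(pkcs1_encode(signing_input.encode()), "big"), D, N)
    return signing_input + "." + b64e(sig.to_bytes(K, "big"))

def verify_cognito_jwt(token: str, token_use: str = "access", now=None) -> dict:
    head, body, sig = token.split(".")
    if json.loads(b64d(head)).get("alg") != "RS256":
        raise ValueError("unexpected alg")
    recovered = pow(int.from_bytes(b64d(sig), "big"), E, N).to_bytes(K, "big")
    if recovered != pkcs1_encode(f"{head}.{body}".encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    if claims.get("iss") != ISSUER or claims.get("token_use") != token_use:
        raise ValueError("wrong issuer or token_use")
    # ID tokens carry the app client in "aud", access tokens in "client_id".
    if claims.get("aud" if token_use == "id" else "client_id") != CLIENT_ID:
        raise ValueError("wrong app client")
    return claims
```

The refresh token is never sent to the API; it is only exchanged with Cognito for new ID and access tokens.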