Jez Nicholson (14)
#1
I'd just like to share some experience:

My client, like many people, is used to testing an API using Postman. As our API is secured using Cognito it is tricky (or impossible?) to follow the sign-up/sign-in process with just HTTP calls... you have to use the aws-sdk.

It all got quite painful until I utilised Jan's excellent test script to create a new user and sign in, then grabbed the generated idToken. You can then make HTTP API Gateway calls from Postman if you use 'Bearer Token' (or manually set an 'Authorization' header) with the idToken pasted in.

'use strict'

const co = require('co')
const init = require('../steps/init').init
const given = require('../steps/given')

let asUser

co(function* () {
  // Set up the test environment, then create a new user and sign in
  yield init()
  asUser = yield given.authenticatedUser()
}).then(function () {
  // Print the signed-in user so the generated idToken can be copied into Postman
  console.log(JSON.stringify(asUser))
}, function (err) {
  console.error(err.stack)
})


You could probably go a step further and do this in a pre-request script and automatically authorize the HTTP calls. Postman has pre-request scripts, but cannot normally see external libraries. A trick is to pass them in as an environment variable: https://stackoverflow.com/questions/47580353/how-do-i-incorporate-my-node-js-file-into-a-postman-request

Morgatz (10)
#2
This is helpful, but I was wondering if it's at all possible to get a JWT by calling AWS Cognito authentication via Postman. It does seem a bit cumbersome to test Cognito protected APIs behind the API Gateway using Postman.
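
Added example, not part of either post and not taken from the test scripts mentioned above: Cognito's InitiateAuth operation can be sent as a plain HTTPS POST, which covers the sign-in step when the app client has the USER_PASSWORD_AUTH flow enabled (an assumption about the user pool). The region, client ID, credentials and sample response are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example (Node 18+). Region, client ID, user and tokens are constructed placeholders.
// Build the InitiateAuth call as a plain HTTPS request (same URL, headers and body in Postman).
function buildInitiateAuthRequest (region, clientId, username, password) {
  return {
    url: `https://cognito-idp.${region}.amazonaws.com/`,
    method: 'POST',
    headers: {
      'Content-Type': 'application/x-amz-json-1.1',
      'X-Amz-Target': 'AWSCognitoIdentityProviderService.InitiateAuth'
    },
    body: JSON.stringify({
      AuthFlow: 'USER_PASSWORD_AUTH',
      ClientId: clientId,
      AuthParameters: { USERNAME: username, PASSWORD: password }
    })
  }
}

// Read the JWT claims without verifying the signature (local inspection only).
function decodeJwtPayload (jwt) {
  const parts = String(jwt).split('.')
  if (parts.length !== 3) throw new Error('not a JWT')
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'))
}

// Turn an InitiateAuth response into the Authorization header value for API Gateway.
function authorizationHeader (response, nowSeconds) {
  if (response.ChallengeName) throw new Error(`challenge required: ${response.ChallengeName}`)
  const idToken = response.AuthenticationResult && response.AuthenticationResult.IdToken
  if (!idToken) throw new Error('no IdToken in response')
  const claims = decodeJwtPayload(idToken)
  if (claims.token_use !== 'id') throw new Error('not an ID token')
  if (claims.exp <= nowSeconds) throw new Error('ID token expired')
  return `Bearer ${idToken}`
}

// Sign in over HTTPS; needs a real user pool, so nothing calls it here.
async function signIn (region, clientId, username, password) {
  const req = buildInitiateAuthRequest(region, clientId, username, password)
  const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body })
  if (!res.ok) throw new Error(`InitiateAuth failed with HTTP ${res.status}`)
  return authorizationHeader(await res.json(), Math.floor(Date.now() / 1000))
}

// Constructed, unsigned sample response for trying authorizationHeader() offline.
function sampleResponse (claims) {
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url')
  return { AuthenticationResult: { IdToken: `${b64({ alg: 'RS256' })}.${b64(claims)}.sig` } }
}
```

The signature is not checked here; the API Gateway authorizer does that when the header is sent. Treat the pasted idToken as a credential until it expires.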