Tags: amazon-web-services, amazon-cognito, access-token, aws-userpools

Unable to connect with API Gateway using Cognito-issued access tokens


The doc here says you can connect to AWS API Gateway with either the access token or the idToken issued by Cognito.

I am using amazon-cognito-identity-js for one of my Angular projects. Once I log in, I receive three tokens, viz. accessToken, idToken and refreshToken, which the SDK stores in local storage.

Using the idToken as the Authorization header in the subsequent call successfully returns data from the API Gateway integration method, while if I use the accessToken I receive a 401 Unauthorised and the response header says: x-amzn-errortype: UnauthorizedException

Can the access token not be used for the above purpose? I am fine with using the idToken, except that there are known issues in invalidating the idToken even after cognito.user.signOut or even globalSignOut, as explained here.

Can someone suggest why the access token might not be working?


Solution

  • You can use the access token against an API endpoint if you are validating any custom scopes. In other words, if you haven't defined any custom scopes for your app client, you will use the ID token to call the API endpoint. Otherwise, you can use an access token to validate any custom scopes.

    Hope this helps.

    Reference:

    https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-access-token
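To make the rule in the answer concrete, the following Python script is an added illustration (not code from the question, the answer, or AWS) that mimics the decision a Cognito user-pool authorizer makes for a REST API method: with no authorization scopes configured on the method, only an ID token (token_use "id", aud = app client) is accepted; once scopes are configured, only an access token (token_use "access", client_id = app client) whose space-separated scope claim matches one of them is accepted. The issuer URL, app client ID, scope names and token claims are constructed placeholders, and the sample tokens carry an empty signature; the RS256 signature check against the pool's JWKS that a real authorizer performs is assumed to have already passed and is not implemented here.

```python
import base64
import json
import time
from typing import Optional, Sequence, Tuple

# Constructed placeholders shaped like Cognito values; none of these are real identifiers.
POOL_ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
APP_CLIENT_ID = "example-app-client-id"
NOW = 1_700_000_000  # fixed "current time" so the sample tokens never expire in tests


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build header.payload. with an empty signature (constructed sample only).
    Real Cognito tokens are RS256-signed; this helper exists only to fabricate inputs."""
    header = _b64url(json.dumps({"alg": "RS256", "kid": "example-kid"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_payload(token: str) -> dict:
    """Base64url-decode the payload segment (no signature verification here)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def authorize(token: str, method_scopes: Optional[Sequence[str]],
              now: Optional[float] = None) -> Tuple[int, str]:
    """Simulated Cognito user-pool authorizer decision for one method.
    Returns (HTTP status, reason). Every denial mirrors the 401
    x-amzn-errortype: UnauthorizedException seen in the question."""
    now = time.time() if now is None else now
    claims = decode_payload(token)
    if claims.get("iss") != POOL_ISSUER:
        return 401, "UnauthorizedException: issuer is not the configured user pool"
    if claims.get("exp", 0) <= now:
        return 401, "UnauthorizedException: token expired"
    token_use = claims.get("token_use")
    if not method_scopes:
        # No authorization scopes on the method: the method expects an ID token.
        if token_use != "id" or claims.get("aud") != APP_CLIENT_ID:
            return 401, "UnauthorizedException: ID token for this app client required"
        return 200, "ok (id token accepted)"
    # Scopes configured on the method: an access token with a matching scope is required.
    if token_use != "access" or claims.get("client_id") != APP_CLIENT_ID:
        return 401, "UnauthorizedException: access token for this app client required"
    granted = set(claims.get("scope", "").split())
    if granted.isdisjoint(method_scopes):
        return 401, "UnauthorizedException: access token lacks a configured scope"
    return 200, "ok (access token accepted)"


# Constructed sample tokens modelled on the claim layout of Cognito ID and access tokens.
ID_TOKEN = make_unsigned_jwt({
    "iss": POOL_ISSUER, "aud": APP_CLIENT_ID, "token_use": "id",
    "exp": NOW + 3600, "sub": "example-sub", "cognito:username": "example-user",
})
ACCESS_TOKEN = make_unsigned_jwt({
    "iss": POOL_ISSUER, "client_id": APP_CLIENT_ID, "token_use": "access",
    "exp": NOW + 3600, "sub": "example-sub",
    "scope": "aws.cognito.signin.user.admin example-api/read",
})


def demo() -> dict:
    """Run the four combinations the answer describes and return their outcomes."""
    return {
        "id token, no scopes on method": authorize(ID_TOKEN, None, NOW),
        "access token, no scopes on method": authorize(ACCESS_TOKEN, None, NOW),
        "access token, method requires example-api/read": authorize(ACCESS_TOKEN, ["example-api/read"], NOW),
        "id token, method requires example-api/read": authorize(ID_TOKEN, ["example-api/read"], NOW),
        "access token, method requires example-api/write": authorize(ACCESS_TOKEN, ["example-api/write"], NOW),
    }


if __name__ == "__main__":
    for case, (status, reason) in demo().items():
        print(f"{status}  {case}: {reason}")
```

The second case reproduces the behaviour in the question: a perfectly valid access token is rejected with 401 when the method has no authorization scopes, and the fix is either to send the ID token or to configure a scope on the method and request that scope when the app client is issued the access token. Whichever token is used, the authorizer's checks are claim-based, so a signed-out user's token keeps passing until its exp elapses unless the API also consults a revocation signal.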