Aws lambda 无服务器框架-具有授权者COGNITO_用户_池的Lambda函数始终返回“Unauthorized”

我不知道我的授权有什么问题

我有一个Hello函数，它只返回一个简单的静态消息。如果我在没有设置授权器的情况下部署，它会工作。我考过邮递员。当我尝试添加授权人时，问题开始出现

我的白兰地酒已经充分发挥作用了。在我的前端，我可以注册，然后登录，然后从这个登录会话中获取令牌

当我去邮递员那里做测试时，我总是得到未经授权的答案。 在Postman上，我对GET方法进行了测试，在Headers选项卡上，我添加了Authorization属性，并将其粘贴到我从登录会话获得的令牌的值上。我还按照一些推荐的地方，在前缀承载的值字段上测试了这一点。没有成功

过去一周我一直在努力解决这个问题。请，任何帮助都会非常有用

serverless.yml

phraseOptions.js

我可以看到该函数是使用正确的身份验证创建的：

我猜授权人也会按预期创建

昂首阔步

---

我已经找出了问题所在

服务器端还可以。在邮递员身上测试它的问题就是代币。 我使用的是cognitoUser.signInUserSession.accessToken.jwtToken，但应该是cognitoUser.signInUserSession.idToken.jwtToken

---

现在一切正常。

我已经找出了问题所在

服务器端还可以。在邮递员身上测试它的问题就是代币。 我使用的是cognitoUser.signInUserSession.accessToken.jwtToken，但应该是cognitoUser.signInUserSession.idToken.jwtToken

---

现在一切正常。

你也能分享这个文件吗？我对Serverless很新，好吗？据我所知，我没有使用任何招摇过市的文件。好的，不用担心。最后，我做完了。我刚刚加了。谢谢你告诉我如何提供这些信息=你也能分享这个文件吗？我对Serverless很新，好吗？据我所知，我没有使用任何招摇过市的文件。好的，不用担心。最后，我做完了。我刚刚加了。谢谢你还说了如何提供这些信息=希望我能不止一次地投票，我花了好几个小时的时间来反对完全相同的问题希望我能不止一次地投票，我花了好几个小时来反对完全相同的问题

provider:
  name: aws
  runtime: nodejs10.x
  stage: dev
  region: eu-west-1
  environment: 
    MY_TABLE: ${self:custom.myStage}_${self:custom.settings.tb_items}
    MY_STAGE: ${self:custom.myStage}
    MY_DOMAIN: ${self:custom.myDomain}
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "dynamodb:GetItem"
        - "dynamodb:PutItem"
        - "dynamodb:UpdateItem"
        - "dynamodb:DeleteItem"
        - "dynamodb:Scan"
      Resource: "*"

functions:
  hello:
    handler: ${self:custom.pathFunc}/phraseOption.hello
    events:
      - http: 
          method: GET 
          path: hello
          cors: true
          integration: lambda-proxy
          authorizer:
            type: COGNITO_USER_POOLS
            authorizerId:
              Ref: ApiGatewayAuthorizer

resources:
  Resources:
    CognitoUserPool:
      Type: "AWS::Cognito::UserPool"
      DeletionPolicy: Retain
      Properties:
        MfaConfiguration: OFF
        UserPoolName: ${self:custom.myStage}_aePool
        EmailVerificationSubject: 'Your verification Code'
        EmailVerificationMessage: 'Use this code to confirm your sign up {####}'
        AutoVerifiedAttributes:
          - email
        UsernameAttributes:
          - email
        Policies:
          PasswordPolicy:
            MinimumLength: 6
            RequireLowercase: False
            RequireNumbers: False
            RequireSymbols: False
            RequireUppercase: False
    CognitoUserPoolClient:
      Type: "AWS::Cognito::UserPoolClient"
      DeletionPolicy: Retain
      Properties:
        ClientName: ${self:custom.myStage}_aePoolClient
        GenerateSecret: False
        UserPoolId:
          Ref: CognitoUserPool
    ApiGatewayAuthorizer: 
      Type: AWS::ApiGateway::Authorizer
      Properties: 
        Name: CognitoUserPool
        Type: COGNITO_USER_POOLS
        IdentitySource: method.request.header.Authorization
        RestApiId: 
          Ref: ApiGatewayRestApi
        ProviderARNs: 
          - Fn::GetAtt:
              - CognitoUserPool
              - Arn

module.exports.hello = (event, context, callback) => {
  const response = {
    statusCode: 200,
    body: JSON.stringify({
      message: 'Your function executed successfully!',
      input: event,
    }),
  };

  callback(null, response);
};

---
swagger: "2.0"
info:
  version: "2019-10-07T21:24:17Z"
  title: "XXXXXX"
host: "XXXXXX"
basePath: "/dev"
schemes:
- "https"
paths:
  /getPhrase:
    get:
      responses: {}
    options:
      consumes:
      - "application/json"
      produces:
      - "application/json"
      responses:
        200:
          description: "200 response"
          headers:
            Access-Control-Allow-Origin:
              type: "string"
            Access-Control-Allow-Methods:
              type: "string"
            Access-Control-Allow-Credentials:
              type: "string"
            Access-Control-Allow-Headers:
              type: "string"
  /hello:
    get:
      responses: {}
      security:
      - CognitoUserPool: []
  /item:
    post:
      responses: {}
    options:
      consumes:
      - "application/json"
      produces:
      - "application/json"
      responses:
        200:
          description: "200 response"
          headers:
            Access-Control-Allow-Origin:
              type: "string"
            Access-Control-Allow-Methods:
              type: "string"
            Access-Control-Allow-Credentials:
              type: "string"
            Access-Control-Allow-Headers:
              type: "string"
  /item/{itemId}:
    get:
      responses: {}
    put:
      responses: {}
    delete:
      responses: {}
    options:
      consumes:
      - "application/json"
      produces:
      - "application/json"
      responses:
        200:
          description: "200 response"
          headers:
            Access-Control-Allow-Origin:
              type: "string"
            Access-Control-Allow-Methods:
              type: "string"
            Access-Control-Allow-Credentials:
              type: "string"
            Access-Control-Allow-Headers:
              type: "string"
  /items:
    get:
      responses: {}
    options:
      consumes:
      - "application/json"
      produces:
      - "application/json"
      responses:
        200:
          description: "200 response"
          headers:
            Access-Control-Allow-Origin:
              type: "string"
            Access-Control-Allow-Methods:
              type: "string"
            Access-Control-Allow-Credentials:
              type: "string"
            Access-Control-Allow-Headers:
              type: "string"
securityDefinitions:
  CognitoUserPool:
    type: "apiKey"
    name: "Authorization"
    in: "header"
    x-amazon-apigateway-authtype: "cognito_user_pools"