Authenticate Apollo Client to AWS AppSync with Cognito User Pools


I am trying to connect to my AWS AppSync API using the plain Apollo Client but I am not sure how to structure the authentication header correctly.

So far I have followed the header authentication documentation here:

And have this code, which I adapted to include the token call to the Amplify authentication service but it returns a 401 error:

The only documentation I can find relating to this doesn’t provide any technical instructions:

When using Amazon Cognito User Pools, you can create groups that users
belong to. This information is encoded in a JWT token that your
application sends to AWS AppSync in an authorization header when
sending GraphQL operations.

From here:

I know that token is fine because if I use the AppSync JavaScript API then it works. Is there anywhere I can go to find out how to achieve this or does someone know how?


So far i have tried changing this line:

The following attempts:

None of these have worked either.


Disclaimer: Never tried it, but here is what I would do:

Check out the AppSync Client code here as a foundation for creating a an Authentication link for Apollo Client and the AppSync server. It looks like that code provides the scaffolding for each of the available authentication methods.

Specifically, if you are trying to use the OPENID_CONNECT method of authentication, it appears as if the JWT token does not need to be prepended by Bearer (line 156).

Leave a Reply