How to get Cognito Identity Id in backend that is requested by AWS API Gateway?

Question

I use AWS Cognito authentication in my web application. I have a PHP backend with REST API. After user authentication I make requests to AWS API Gateway using this library. API Gateway methods has HTTP integration type. They proxy HTTP requests to my PHP backend. How to get Cognito Identity Id in my PHP backend? I need to set a relation reference to the Cognito user in my backend.

Answer 1

API Gateway makes the caller's identity id available in the request context. Assuming you are using Cognito Identity Pool (federation) you are looking for this property: $context.identity.cognitoIdentityId.

You could configure API Gateway to send the value of the identity id in a new header to your backend. To achieve this you have to:

1. Open the integration request pane of the method configuration
2. Expand the HTTP headers section and click the "Add header" link
3. Give you header a name, such as X-Cognito-Identity-Id
4. In the "mapped from" field use the following expression: context.identity.cognitoIdentityId
5. Use the checkmark link on the right to save the configuration changes.

Re-deploy the API and your PHP backend should start receiving the additional header populated with the Cognito identity id from the original request.

Answer 2

For those for who the answer provided by @stefano didn't work, you can replace the context variable context.identity.cognitoIdentityId with context.authorizer.claims.sub.

header name: X-Cognito-User-Id //or any name that you prefer

mapped from: context.authorizer.claims.sub // returns cognito user id.