
How to recognize user by Authorize token #106

Open
cenxui opened this issue Aug 17, 2018 · 1 comment

Comments

@cenxui

cenxui commented Aug 17, 2018

Thank you for reading this issue; the scenario is below.

A user sends a request with a jwt.Token belonging to a Cognito User Pool to API Gateway, which is authorized but cannot recognize which user the request belongs to.
The "events.APIGatewayProxyResponse" doesn't provide information by default like their openId, email, etc.

How could I recognize the user by the Authorize token?

@piotrkubisa
Contributor

piotrkubisa commented Aug 17, 2018

As you know, in the payload of the AWS Lambda event there isn't much data about who exactly was trying to get some resource from your API while identifying via the Authorization header. Thanks to that "feature" Lambda "acts" universally. And that is great, because you are not obliged to use the AWS Cognito service in your authorizer (not very tight vendor lock-in, I'd say).

Please note: there are a few ways to authenticate and/or authorize a user in API Gateway, such as:

  1. Authorizer with Type: "COGNITO_USER_POOLS", extracting claims in the Lambda handler.
  2. Custom Lambda authorizers with Type: "REQUEST" or Type: "TOKEN", i.e. which will extract interesting claims from JWT and pass them further in the request context - follow instruction on AWS Knowledge Center.
  3. Handling authorization directly in the Lambda handler - a.b.
  4. Authentication based on API Keys generated by API Gateway.
  5. Authentication based on AWS Credentials.

In case of scenario 1.: you have a lot of information about identity in events.APIGatewayRequestIdentity. If you need some extra information, then you may try to parse the JWT token (Authorization header) with validation disabled (so as not to do it twice) and extract the claims as a map.

Edit: make answer a bit more clear.
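The following is an added example of the handler-side logic for scenario 1, written for this page and not code from the issue participants or from the aws-lambda-go project. It reads the claims a COGNITO_USER_POOLS authorizer forwards under requestContext.authorizer.claims, and only for claims the authorizer did not forward falls back to decoding the token payload without signature validation, as the comment above suggests, cross-checking that both describe the same sub. The proxyRequest struct is a minimal stand-in for events.APIGatewayProxyRequest (an assumption: only the fields read here), and the event JSON and the unsigned token are constructed sample data.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// proxyRequest is a minimal stand-in for aws-lambda-go's events.APIGatewayProxyRequest
// (assumption: only the fields this example reads; JSON names follow the proxy event).
type proxyRequest struct {
	Headers        map[string]string `json:"headers"`
	RequestContext struct {
		Authorizer map[string]interface{} `json:"authorizer"`
	} `json:"requestContext"`
}

// UserIdentity is what the handler needs to know about the caller.
type UserIdentity struct {
	Sub, Username, Email string
	Source               string // where the data came from, for audit logging
}

// identityFromAuthorizer covers scenario 1: API Gateway already verified the
// token and forwards its claims under requestContext.authorizer.claims.
func identityFromAuthorizer(req proxyRequest) (UserIdentity, bool) {
	claims, ok := req.RequestContext.Authorizer["claims"].(map[string]interface{})
	if !ok {
		return UserIdentity{}, false
	}
	id := UserIdentity{Source: "authorizer"}
	id.Sub, _ = claims["sub"].(string)
	id.Username, _ = claims["cognito:username"].(string)
	id.Email, _ = claims["email"].(string)
	return id, id.Sub != ""
}

// claimsFromUnverifiedJWT decodes a compact JWT payload WITHOUT checking the
// signature ("disabled validation"). Only acceptable because the authorizer
// verified the same token before the handler ran.
func claimsFromUnverifiedJWT(authHeader string) (map[string]interface{}, error) {
	token := strings.TrimSpace(authHeader)
	if len(token) > 7 && strings.EqualFold(token[:7], "Bearer ") {
		token = token[7:]
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("not a three-part compact JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return nil, fmt.Errorf("decode JWT payload: %w", err)
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, fmt.Errorf("parse JWT claims: %w", err)
	}
	return claims, nil
}

// headerValue looks up a header case-insensitively (clients vary the case).
func headerValue(headers map[string]string, name string) string {
	for k, v := range headers {
		if strings.EqualFold(k, name) {
			return v
		}
	}
	return ""
}

// RecognizeUser trusts the authorizer context first and consults the raw token
// only for claims the authorizer omitted; without authorizer claims it refuses.
func RecognizeUser(eventJSON []byte) (UserIdentity, error) {
	var req proxyRequest
	if err := json.Unmarshal(eventJSON, &req); err != nil {
		return UserIdentity{}, fmt.Errorf("bad event: %w", err)
	}
	id, ok := identityFromAuthorizer(req)
	if !ok {
		return UserIdentity{}, errors.New("no authorizer claims in request context; refusing unverified token")
	}
	if id.Email == "" {
		if claims, err := claimsFromUnverifiedJWT(headerValue(req.Headers, "Authorization")); err == nil {
			if sub, _ := claims["sub"].(string); sub == id.Sub { // same principal as the verified claims
				id.Email, _ = claims["email"].(string)
				id.Source = "authorizer+jwt-payload"
			}
		}
	}
	return id, nil
}

// constructedJWT builds an UNSIGNED sample token (placeholder signature segment).
func constructedJWT(claims map[string]interface{}) string {
	enc := func(v interface{}) string { b, _ := json.Marshal(v); return base64.RawURLEncoding.EncodeToString(b) }
	return enc(map[string]string{"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".placeholder-signature"
}

// SampleEvent is a constructed proxy event: the authorizer forwarded sub and
// username but not email, which is still present in the token payload.
func SampleEvent() []byte {
	const sub = "c0ffee00-0000-4000-8000-000000000001"
	token := constructedJWT(map[string]interface{}{"sub": sub, "cognito:username": "alice", "email": "alice@example.com"})
	event := map[string]interface{}{
		"headers": map[string]string{"Authorization": "Bearer " + token},
		"requestContext": map[string]interface{}{"authorizer": map[string]interface{}{
			"claims": map[string]interface{}{"sub": sub, "cognito:username": "alice"}}},
	}
	b, _ := json.Marshal(event)
	return b
}

func main() {
	id, err := RecognizeUser(SampleEvent())
	fmt.Printf("%+v err=%v\n", id, err)
}
```

The design point is the order of trust: the authorizer's claims map is the verified source, the unsigned decode of the Authorization header is only a supplement, and a request that reaches the handler without authorizer claims is rejected rather than identified from an unverified token.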
