Cognito OAuth access token missing "typ" header parameter


The access tokens supplied by Cognito are missing the "typ" header parameter, which breaks with the RFC 9068 OAuth 2.0 JWT spec. It states that:

"JWT access tokens MUST include this media type in the "typ" header parameter to explicitly declare that the JWT represents an access token complying with this profile."

Jon
asked 2 months ago, 138 views
1 answer

RFC 9068 was published in October 2021 with these snippets in the Introduction setting the stage for standardization.

The original OAuth 2.0 Authorization Framework [RFC6749] specification does not mandate any specific format for access tokens. [...] This specification aims to provide a standardized and interoperable profile as an alternative to the proprietary JWT access token layouts going forward.

If you need to determine if a token is an access token, Amazon Cognito issued JWTs include a token_use claim as part of the payload with the value access or id (see Using the access token).

AWS
answered 2 months ago
EXPERT
reviewed 2 months ago
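A resource server that has to accept both RFC 9068 tokens and Cognito tokens can check the "typ" header first and fall back to Cognito's token_use claim. The following is an added example, not code from the answer above or from AWS; the sample tokens are constructed and unsigned, and the function assumes signature verification against the issuer's JWKS has already been done.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def decode_unverified(token: str):
    """Split a compact JWS into header and payload WITHOUT checking the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload

def classify_access_token(token: str) -> str:
    """Return 'rfc9068' if the header declares typ at+jwt, 'cognito' if the token
    only carries Cognito's token_use=access claim, otherwise 'not-access'.
    Assumes the signature was already verified; this only inspects structure."""
    header, payload = decode_unverified(token)
    # RFC 9068 section 4: accept "at+jwt" or "application/at+jwt" and nothing else.
    if header.get("typ") in ("at+jwt", "application/at+jwt"):
        return "rfc9068"
    # Cognito fallback: no typ header, but the payload says what the token is for.
    if payload.get("token_use") == "access":
        return "cognito"
    return "not-access"

def make_unsigned_token(header: dict, payload: dict) -> str:
    # Constructed demo tokens only; "sig" stands in for a real signature segment.
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()), "sig"])

# Constructed samples: an RFC 9068 token, a Cognito access token, a Cognito id token,
# and a plain JWT with neither marker. The kid value is a placeholder.
RFC9068_TOKEN = make_unsigned_token({"alg": "RS256", "typ": "at+jwt"}, {"sub": "u1", "scope": "read"})
COGNITO_ACCESS = make_unsigned_token({"alg": "RS256", "kid": "example-kid"},
                                     {"sub": "u1", "token_use": "access", "scope": "openid"})
COGNITO_ID = make_unsigned_token({"alg": "RS256", "kid": "example-kid"},
                                 {"sub": "u1", "token_use": "id", "email": "u1@example.com"})
PLAIN_JWT = make_unsigned_token({"alg": "HS256", "typ": "JWT"}, {"sub": "u1"})
```

Rejecting anything classified as "not-access" at the resource server keeps id tokens from being accepted where an access token is required.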
  • Is there a plan for Cognito to adhere to the JWT spec or will it continue with its proprietary implementation? It is currently incompatible with tooling that adheres to RFC 9068.

  • Jon - please contact your AWS account team about Cognito feature roadmap. Share this link and let them know to contact me for additional background.
