API Gateway - JWT Authorizer - unable to decode "n" from RSA public key


I have trouble getting the JWT Authorizer on my API Gateway working. The API Gateway works fine when I remove the authorizer, so the problem should be with the authorizer.

I am using an OpenID token which I get from a Cognito Identity GetOpenIdTokenForDeveloperIdentity request.

All the requests just respond with the following (excerpt from curl -i output):

www-authenticate: Bearer scope="authenticated" error="invalid_token" error_description="unable to decode "n" from RSA public key"


{"message":"Unauthorized"}

As far as I understand the error_description complains about not being able to read the "n" parameter from here. But since I have no control over this, I'm unsure what I need to do to get this working.

1 Answer

Get the certificate from the user pool that generated the token: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html

https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json

And generating a correct signature requires a host header: httpRequest.headers.host = 'xxxxxxx.execute-api.region.amazonaws.com'

AWS
answered 2 years ago
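
Added example, not part of the question or the answer above: a Python check that every RSA key in a JWKS document (the jwks.json format the answer links to) carries "n" and "e" values that decode as unpadded base64url integers, the field the authorizer's error_description names. The sample JWKS, its kid values and the helper names are constructed for illustration; in practice the input would be the jwks.json published by the issuer configured on the authorizer.

```python
import base64
import json
import re

# Constructed sample JWKS (not real Cognito keys). The "good" modulus is just a
# 2048-bit number with the right shape, not a usable key; the "bad" one contains
# characters outside the base64url alphabet; the third has no "n" at all.
_N = base64.urlsafe_b64encode(((1 << 2047) | 1).to_bytes(256, "big")).rstrip(b"=").decode()
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "constructed-good", "use": "sig", "n": _N, "e": "AQAB"},
    {"kty": "RSA", "kid": "constructed-bad", "use": "sig", "n": "not*base64url!", "e": "AQAB"},
    {"kty": "RSA", "kid": "constructed-missing", "use": "sig", "e": "AQAB"},
]})


def b64url_to_int(value, name):
    """Decode a JWK Base64urlUInt field (RFC 7518) to an int, strictly."""
    if not isinstance(value, str) or not value:
        raise ValueError(f'"{name}" is missing or empty')
    # urlsafe_b64decode silently skips foreign characters, so check the alphabet first.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", value) or len(value) % 4 == 1:
        raise ValueError(f'"{name}" is not valid unpadded base64url')
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    return int.from_bytes(raw, "big")


def check_jwks(jwks_text):
    """Return {kid: status} for every key in the JWKS document."""
    results = {}
    for key in json.loads(jwks_text).get("keys", []):
        kid = key.get("kid", "<no kid>")
        if key.get("kty") != "RSA":
            results[kid] = "skipped: kty is not RSA"
            continue
        try:
            n = b64url_to_int(key.get("n"), "n")
            e = b64url_to_int(key.get("e"), "e")
        except ValueError as exc:
            results[kid] = f"error: {exc}"
            continue
        results[kid] = f"ok: {n.bit_length()}-bit modulus, e={e}"
    return results


if __name__ == "__main__":
    for kid, status in check_jwks(SAMPLE_JWKS).items():
        print(f"{kid}: {status}")
```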
