1 answer
Yes, you are correct. When you call the GetUser() API, Cognito verifies the access token to make sure that it is unexpired and has a valid signature. You do not need to perform JWKS verification on the access token beforehand, as Cognito will handle the validation internally. By calling the GetUser() API, you can both retrieve the user attributes and ensure that the access token is unexpired and has a valid signature, as well as check that it has not been revoked. This makes the use of a user pool authorizer optional, as you can still accomplish the same tasks without it.
answered a year ago
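The check described in the answer above, as an added example that is not part of the original thread or AWS's own code: a Python helper that uses a successful GetUser call as the token validation and separates "token rejected" from "Cognito unavailable". The names `get_verified_user`, `REJECT_CODES` and the `ACCESS_TOKEN` environment variable are assumptions of this example.

```python
"""Validate a Cognito access token by calling GetUser (added example)."""

# Error codes that mean "this token/user is not acceptable" -> answer 401.
REJECT_CODES = {
    "NotAuthorizedException",  # invalid signature, expired or revoked token
    "UserNotFoundException",
    "UserNotConfirmedException",
    "PasswordResetRequiredException",
}


def get_verified_user(client, access_token):
    """Return {"username", "attributes"} if Cognito accepts the token, else None.

    `client` is a boto3 "cognito-idp" client (or any object exposing the same
    get_user method). Throttling and service errors are re-raised so the
    caller fails closed instead of mistaking an outage for a bad token.
    """
    if not access_token:
        return None
    try:
        resp = client.get_user(AccessToken=access_token)
    except Exception as exc:
        # botocore.exceptions.ClientError carries the error code in exc.response.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code in REJECT_CODES:
            return None
        raise
    attrs = {a["Name"]: a["Value"] for a in resp.get("UserAttributes", [])}
    return {"username": resp["Username"], "attributes": attrs}


if __name__ == "__main__":
    import os
    import boto3  # needs a configured AWS region

    # Token is read from the environment (assumed variable name) so it does
    # not appear in the process list or shell history.
    user = get_verified_user(boto3.client("cognito-idp"), os.environ["ACCESS_TOKEN"])
    print(user if user else "token rejected")
```

GetUser only accepts an access token that carries the `aws.cognito.signin.user.admin` scope, and every check is a network call to Cognito.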
Thank you very much! I wrote feedback on the GetUser API document - it would be cool to have that explicitly stated there.