1 Answer
1
Yes, you are correct. When you call the GetUser() API, Cognito verifies the access token to make sure that it is unexpired and has a valid signature. You do not need to perform JWKS verification on the access token beforehand, as Cognito will handle the validation internally. By calling the GetUser() API, you can both retrieve the user attributes and ensure that the access token is unexpired and has a valid signature, as well as check that it has not been revoked. This makes the use of a user pool authorizer optional, as you can still accomplish the same tasks without it.
answered a year ago
Thank you very much! I wrote feedback on the GetUser API document - it would be cool to have that explicitly stated there.
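The pattern the answer describes, as an added example that is not part of the original thread or AWS's own code: a backend hands the caller's access token to GetUser and treats a `NotAuthorizedException` as "not authenticated". The helper names and the stub client are hypothetical; `get_user(AccessToken=...)` and `client.exceptions.NotAuthorizedException` are the boto3 `cognito-idp` calls.

```python
"""Validate a Cognito access token by calling GetUser (added example)."""


def cognito_client(region_name):
    # Imported lazily so this module loads without boto3 when a stub is injected.
    import boto3
    return boto3.client("cognito-idp", region_name=region_name)


def user_from_access_token(client, access_token):
    """Return {'username', 'attributes'} if Cognito accepts the token, else None.

    Cognito rejects expired, revoked, or badly signed tokens with
    NotAuthorizedException, so no local JWKS check is performed here.
    The token must carry the aws.cognito.signin.user.admin scope.
    """
    if not access_token:
        return None
    try:
        resp = client.get_user(AccessToken=access_token)
    except client.exceptions.NotAuthorizedException:
        return None  # fail closed; throttling and other errors propagate
    attrs = {a["Name"]: a["Value"] for a in resp.get("UserAttributes", [])}
    return {"username": resp["Username"], "attributes": attrs}


# --- Constructed stub standing in for the boto3 client, for offline runs ---
class _NotAuthorized(Exception):
    pass


class StubCognito:
    class exceptions:
        NotAuthorizedException = _NotAuthorized

    def __init__(self, valid_tokens):
        self._valid = valid_tokens  # token -> GetUser-shaped response

    def get_user(self, AccessToken):
        if AccessToken not in self._valid:
            raise _NotAuthorized("Access Token has been revoked")
        return self._valid[AccessToken]


if __name__ == "__main__":
    stub = StubCognito({"good-token": {  # constructed sample response
        "Username": "alice",
        "UserAttributes": [{"Name": "email", "Value": "alice@example.com"}]}})
    print(user_from_access_token(stub, "good-token"))
    print(user_from_access_token(stub, "revoked-token"))
```

Against a real user pool, pass `cognito_client("<region>")` instead of the stub; each validation is then a network round trip to Cognito.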