1 Answer
1
Yes, you are correct. When you call the GetUser() API, Cognito verifies the access token to make sure that it is unexpired and has a valid signature. You do not need to perform JWKS verification on the access token beforehand, as Cognito will handle the validation internally. By calling the GetUser() API, you can both retrieve the user attributes and ensure that the access token is unexpired and has a valid signature, as well as check that it has not been revoked. This makes the use of a user pool authorizer optional, as you can still accomplish the same tasks without it.
answered a year ago
Thank you very much! I wrote feedback on the GetUser API document - it would be cool to have that explicitly stated there.
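The check described in the answer, as an added example that is not code from the thread or from AWS: the access token is passed to GetUser, a rejection from Cognito is treated as an invalid token, and any other failure is re-raised so that an outage or throttling never counts as a successful validation. `user_from_access_token`, `TokenRejected`, `StubError` and `StubCognito` are hypothetical names, and the stub client and its sample user are constructed so the block runs offline.

```python
class TokenRejected(Exception):
    """Cognito refused the token (expired, bad signature, revoked, ...)."""

# GetUser error codes that mean the caller must not be treated as signed in.
REJECT_CODES = {"NotAuthorizedException", "UserNotFoundException",
                "UserNotConfirmedException", "PasswordResetRequiredException"}

def user_from_access_token(client, access_token):
    """Validate access_token by calling GetUser; return username and attributes."""
    if not isinstance(access_token, str) or not access_token:
        raise TokenRejected("missing token")
    try:
        resp = client.get_user(AccessToken=access_token)
    except Exception as exc:
        # botocore's ClientError carries the service code in exc.response.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code in REJECT_CODES:
            raise TokenRejected(code) from exc
        raise  # throttling, network errors: fail closed, never "valid"
    # UserAttributes arrives as a list of {"Name": ..., "Value": ...} pairs.
    attrs = {a["Name"]: a["Value"] for a in resp.get("UserAttributes", [])}
    return {"username": resp["Username"], "attributes": attrs}

class StubError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class StubCognito:
    """Constructed offline stand-in for boto3.client('cognito-idp')."""
    def __init__(self, users, fail_with=None):
        self.users, self.fail_with = users, fail_with

    def get_user(self, AccessToken):
        if self.fail_with:
            raise StubError(self.fail_with)
        if AccessToken not in self.users:
            raise StubError("NotAuthorizedException")
        return self.users[AccessToken]

if __name__ == "__main__":
    sample = {"tok-ok": {"Username": "alice", "UserAttributes": [
        {"Name": "email", "Value": "alice@example.com"}]}}  # constructed data
    print(user_from_access_token(StubCognito(sample), "tok-ok"))
```

With boto3 the `client` argument would be `boto3.client("cognito-idp")`. GetUser only accepts access tokens that carry the `aws.cognito.signin.user.admin` scope, and each validation is a network call to Cognito.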