API Gateway - JWT Authorizer - unable to decode "n" from RSA public key


I have trouble getting the JWT Authorizer on my API Gateway working. The API Gateway works fine, when I remove the authorizer, so the problem should be with the authorizer.

I am using OpenID token which I get from Cognito Identity GetOpenIdTokenForDeveloperIdentity request.

All the request just respond with the following (excerpt from curl -i output):

www-authenticate: Bearer scope="authenticated" error="invalid_token" error_description="unable to decode "n" from RSA public key"


As far as I understand the error_description complains about not being able to read the "n" parameter from here. But since I have no control over this, I'm unsure what I need to do to get this working.

1 Answer

Get the certificate from the user pool that generated the toekn: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json

and Generating a correct signature requires a host header: httpRequest.headers.host = 'xxxxxxx.execute-api.region.amazonaws.com'

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions