By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post

API Gateway - JWT Authorizer - unable to decode "n" from RSA public key

0

I have trouble getting the JWT Authorizer on my API Gateway working. The API Gateway works fine, when I remove the authorizer, so the problem should be with the authorizer.

I am using OpenID token which I get from Cognito Identity GetOpenIdTokenForDeveloperIdentity request.

All the request just respond with the following (excerpt from curl -i output):

www-authenticate: Bearer scope="authenticated" error="invalid_token" error_description="unable to decode "n" from RSA public key"


{"message":"Unauthorized"}

As far as I understand the error_description complains about not being able to read the "n" parameter from here. But since I have no control over this, I'm unsure what I need to do to get this working.

Topics
ServerlessFront-End Web & MobileNetworking & Content DeliverySecurity, Identity, & Compliance
Tags
Amazon API GatewayAmazon Cognito
Language
English
Faerbit
asked 2 years ago236 views
1 Answer
1

Get the certificate from the user pool that generated the toekn: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json

and Generating a correct signature requires a host header: httpRequest.headers.host = 'xxxxxxx.execute-api.region.amazonaws.com'

AWS
Rogerio Kasa
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content