AWS CLI and SDK support for validating Cognito tokens

0

Even though manually validating Cognito JWT (e.g. for my case of authenticating WebSocket connections) can be done by extracting the key ID from the token, getting the respective JWKS from Cognito and verifying the token validity using various existing libraries I don’t understand why AWS doesn’t support this as part of the CLI/SDK - this would both reduce the load on Cognito (as developers wouldn’t need to download the JWKS anymore) and simplify clients (that wouldn’t need to implement the validation anymore). Is there any chance to address this as part of the Cognito roadmap?

已提问 1 个月前168 查看次数
1 回答
0

The AWS JWT Verify library available on npm and source on GitHub does this.

JavaScript library for verifying JWTs signed by Amazon Cognito, and any OIDC-compatible IDP that signs JWTs with RS256 / RS384 / RS512.

Below is a basic usage example from the README, but there are other supported parameters and configuration options.

import { CognitoJwtVerifier } from "aws-jwt-verify";

// Verifier that expects valid access tokens:
const verifier = CognitoJwtVerifier.create({
  userPoolId: "<user_pool_id>",
  tokenUse: "access",
  clientId: "<client_id>",
});

try {
  const payload = await verifier.verify(
    "eyJraWQeyJhdF9oYXNoIjoidk..." // the JWT as string
  );
  console.log("Token is valid. Payload:", payload);
} catch {
  console.log("Token not valid!");
}
profile pictureAWS
已回答 1 个月前
profile picture
专家
已审核 1 个月前
  • Thanks for that, I didn’t manage to find a similar library for Go though, I suspect it’s a custom implementation for Type/JavaScript only?

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则