1 回答
- 最新
- 投票最多
- 评论最多
0
I don't think what you are trying to do is possible. The error indicate that the built in JWT authorizer can't read the public key. Normally it tries to fetch the keys from https://<iss>/.well-known/jwks.json
however the keys for https://cognito-identity.amazonaws.com
is different per region, tryin to fetch https://cognito-identity.amazonaws.com/.well-known/jwks.json
result in an access denied.
Instead try and verify using your own custom authorizer using the normal JWT validation steps.
1: Get OpenId config from: https://cognito-identity.amazonaws.com/.well-known/openid-configuration
2: Use the jwks_uri to fetch list of keys (e.g https://cognito-identity.amazonaws.com/.well-known/jwks_uri)
3: Use kid in token to get the correct key
4: Perform validation
相关内容
- AWS 官方已更新 3 年前
- AWS 官方已更新 3 个月前
- AWS 官方已更新 2 年前