where can I find the secret key for the JWT from cognito

后端 未结 4 1769
天涯浪人
天涯浪人 2021-02-13 20:21

I am trying out the log in function for the Cognito User Pool for my Web App. I was able to obtain the Token but I am not sure where to find the secret to decode it. I\'ve rea

4条回答
  •  失恋的感觉
    2021-02-13 21:05

    AWS uses RS256 algorithm which does not require secret but public key to decode.

    Here you will find JWKS of your pool: https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json (See http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-identity-user-pools-using-id-and-access-tokens-in-web-api)

    And here is described process of transforming JWK to the public key: https://mobile.awsblog.com/post/Tx3JK25U7Z9EUIU/Integrating-Amazon-Cognito-User-Pools-with-API-Gateway (under section "Understanding the code").

提交回复
热议问题