where can I find the secret key for the JWT from cognito

Question

I am trying out the log in function for the Cognito User Pool for my Web App. I was able to obtain the Token but I am not sure where to find the secret to decode it. I\'ve rea

Answer 1

AWS uses RS256 algorithm which does not require secret but public key to decode.

Here you will find JWKS of your pool: https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json (See http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-identity-user-pools-using-id-and-access-tokens-in-web-api)

And here is described process of transforming JWK to the public key: https://mobile.awsblog.com/post/Tx3JK25U7Z9EUIU/Integrating-Amazon-Cognito-User-Pools-with-API-Gateway (under section "Understanding the code").