    cognito-jwt-verifier

    2.0.0 • Public • Published

    Verifies and decodes an AWS Cognito JWT token.

    Warning: AWS now supports its own library for this purpose. You likely want to use it instead:

    aws-jwt-verify

    Installation

    yarn add cognito-jwt-verifier

    npm install cognito-jwt-verifier

    Usage

    Simple example:

    import CognitoJwtVerifier from "cognito-jwt-verifier";
    const verifier = new CognitoJwtVerifier();
    
    verifier.verifyToken({
    	token: 'AwsCognitoToken',
    	aws_region: 'us-east-1',
    	userpool_id: 'AwsUserpoolId',
    	userpool_client_id: 'AwsUserpoolClientId'
    }).then((decoded_token)=>{
    	// Token is valid
    	console.log(decoded_token);
    }).catch((err)=>{
    	// Token is invalid or another error occurred
    	console.error(err)
    });

    What it does

    This package is based on information from the following AWS documentation: https://aws.amazon.com/premiumsupport/knowledge-center/decode-verify-cognito-json-token/

    It performs the following tasks:

    1. Reads the kid (key ID) from the token header, and uses it to retrieve the correct public key from AWS.
    2. Uses the public key and the token to verify the token signature, using jsonwebtoken.
    3. Checks that the token expiry timestamp is still a time in the future.
    4. Checks that the aud token property matches the ID of the intended AWS userpool client.

    If you believe there may be a security flaw in this implementation, please open an issue ASAP.

    API

    CognitoJwtVerifier

    verifyToken({ token, aws_region, userpool_id, userpool_client_id })

    • token (string) - The AWS Cognito token to be verified.
    • aws_region (string) - The AWS region the userpool is located in.
    • userpool_id (string) - The ID of the userpool to be verified against.
    • userpool_client_id (string) - The ID of the userpool client to be verified against.

    Returns a promise:

    • Resolves with: (Object) The decoded JWT token.

    Author

    Travis Wimer

    License

    MIT. Copyright © 2022 Travis Wimer
