loading...

One JWT to rule them all.

adimension_io profile image Adam 惻2 min read

Okay let's setup the scenario here.

Let's say you have a Node.js API and some front end framework, and you are using AWS Cognito to handle the authentication dance šŸ’ƒ via the client side SDK either through Amplify or some other means.

Now you also want to authenticate your API calls against the same user, against the same token. This easily done by using that JWT and a JWKS on the server side to validate the JWT signature.

I'll show you how via a typical middleware.

First head over to jwt.io, this amazing tool will decode your JWT into something readable like šŸ‘‡

Alt Text

On to the Node.js middleware

Let's start with a class so we can define some protected functions. You could also just do functional programming here too. Whatever floats your boat ā›µ

Using Jose it would look something like this to authenticate the token and either return the validated signature or fail.
Alt Text

You may need to get the token from the head in a more specific way like so.

    let token = context?.request?.headers().authorization || ''
    // Remove "Bearer " from start of token
    return (token = token.substring(7, token.length)) 
Enter fullscreen mode Exit fullscreen mode

From here is just a matter of context depending on what language you are using.

I hope this help some one who has read the below AWS cognito guide and found that to be underwhelming.

šŸ––

References
AWS Guide - Jose

Discussion

pic
Editor guide