The latest articles on DEV Community by Adam (@adimension_io). https://dev.to/adimension_io https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F152236%2Fc7776d3d-256e-4f7a-bd01-7a43b4345813.png https://dev.to/adimension_io en Adam Mon, 26 Oct 2020 02:59:05 +0000 https://dev.to/adimension_io/one-jwt-to-rule-them-all-55ac https://dev.to/adimension_io/one-jwt-to-rule-them-all-55ac <p><em>Okay let's setup the scenario here.</em></p> <p>Let's say you have a Node.js API and some front end framework, and you are using AWS Cognito to handle the authentication dance 💃 via the client side SDK either through Amplify or some other means.</p> <p>Now you also want to <strong>authenticate</strong> your API calls against the <strong>same user</strong>, against the <strong>same token</strong>. This easily done by using that JWT and a JWKS on the server side to validate the JWT signature. </p> <p>I'll show you how via a typical middleware.</p> <p>First head over to <a href="https://jwt.io">jwt.io</a>, this amazing tool will decode your JWT into something readable like 👇</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--HY0EMORz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/pxvqbad24evh7muafdbz.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--HY0EMORz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/pxvqbad24evh7muafdbz.png" alt="Alt Text"></a></p> <p><em>On to the Node.js middleware</em></p> <p>Let's start with a class so we can define some protected functions. You could also just do functional programming here too. Whatever floats your boat ⛵</p> <p>Using <a href="https://github.com/panva/jose">Jose</a> it would look something like this to authenticate the token and either return the validated signature or fail.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--MPkDlovX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/z8brq5fo3mv850o1z1fu.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--MPkDlovX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/z8brq5fo3mv850o1z1fu.png" alt="Alt Text"></a></p> <p>You may need to get the token from the head in a more specific way like so.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> let token = context?.request?.headers().authorization || '' // Remove "Bearer " from start of token return (token = token.substring(7, token.length)) </code></pre> </div> <p>From here is just a matter of <strong>context</strong> depending on what language you are using.</p> <p>I hope this help some one who has read the below AWS cognito guide and found that to be underwhelming.</p> <p>🖖</p> <blockquote> <p>References<br> <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html">AWS Guide</a> - <a href="https://github.com/panva/jose">Jose</a></p> </blockquote> cognito jwt jwks auth