maximivanov / cognito-jwt-verifier

Licence: MIT license
Verify ID and access JWT tokens from AWS Cognito in your node/Lambda backend with minimal dependencies.

cognito-jwt-verifier

Verify ID and access JWT tokens from AWS Cognito in your node/Lambda backend with minimal npm dependencies.

Why this library? I couldn't find anything checking all the boxes for me:

  • minimal dependencies
  • framework agnostic
  • JWKS (public keys) caching
  • test coverage

Getting Started

Prerequisites

  • Node.js version >=10.13.0

Installing

npm i @southlane/cognito-jwt-verifier

Usage

  1. Set up a Cognito User Pool. Note the User Pool ID on the "General Settings" page in the AWS Console.
  2. Within the User Pool, create an Application Client. Note the App Client ID on the "App Clients" page.
  3. Fetch ID/access tokens, either by making an AWS SDK / Amplify call or from a Hosted UI redirect.

Now you can programmatically verify issued ID and access tokens:

const {
  verifierFactory,
  errors: { JwtVerificationError, JwksNoMatchingKeyError },
} = require('@southlane/cognito-jwt-verifier')

// get a verifier instance. Put your config values here.
// Create it once, at module scope, so its JWKS cache is reused across calls.
const verifier = verifierFactory({
  region: 'us-east-1',
  userPoolId: 'us-east-1_PDsy6i0Bf',
  appClientId: '5ra91i9p4trq42m2vnjs0pv06q',
  tokenType: 'id', // either "access" or "id"
})

// you can decode this token at jwt.io
const expiredToken =
  'eyJraWQiOiI0UFFoK0JaVExkRVFkeUM2b0VheVJDckVjblFDSXhqbFZFbTFVd2RhZ2ZNPSIsImFsZyI6IlJTMjU2In0.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.GrlpeYQDwB81HjBZRkuqzw0ZXSGFBi_pbMoWC1QvHyPYrc6NRto02H4xgMls5OmCGa4bZBYWTT6wfo0bxuOLZDP__JRSfOyPUIbiAWTu1IiyAhbt3nlW1xSNSvf62xXQNveF9sPcvG2Gh6-0nFEUrAuI1a5QAVjXbp1YDDMr2TzrFrugW7zl2Ntzj42xWIq7P0R75S2JYVmBfhAxS6YNO1n8KpOFzxagxmn89leledx4PTxuOdWdmT6vZkW9q9QnOI9kjgUIxfWjx55205P4BwkOeqY7AN0j85LBwAHbhezfzNETybX1pwnMBh1p5_iLYgQMMZ60ZJseGl3cMRsPnQ'

// verify() returns a promise, so it must be awaited inside an async function
// (top-level await is not available in CommonJS modules)
async function main() {
  try {
    const tokenPayload = await verifier.verify(expiredToken)
    console.log(tokenPayload)
  } catch (e) {
    if (
      e instanceof JwtVerificationError ||
      e instanceof JwksNoMatchingKeyError
    ) {
      // token is malformed, invalid, expired or cannot be validated with known keys
      // act accordingly, e.g. return HTTP 401 error
    }

    throw e
  }
}

main()

On successful verification, tokenPayload holds the body (payload) of the JWT:

{
  "at_hash": "BSEId5nF27zMrN9BLX-T_A",
  "sub": "24e26910-e7b9-4aad-a994-387942f164e7",
  "aud": "5ra91i9p4trq42m2vnjs0pv06q",
  "event_id": "b6d7a62d-54da-49e6-a839-66506f0c21b5",
  "token_use": "id",
  "auth_time": 1587311838,
  "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_PDsy6i0Bf",
  "name": "Max Ivanov",
  "cognito:username": "24e26910-e7b9-4aad-a994-387942f164e7",
  "exp": 1587315438,
  "iat": 1587311838,
  "email": "[email protected]"
}

Errors Thrown

  • TypeError on invalid input arguments.
  • JwksFetchError on a failed HTTPS request to fetch the JSON Web Key Set.
  • JwksNoMatchingKeyError on a JWT referencing a key that is missing from the key set.
  • JwtVerificationError on failed JWT verification. Inspect the error object's originalError property to find out the verification error details.

The underlying Jose library may throw lower-level errors, for example if you try to import an invalid JWKS (see https://github.com/panva/jose/blob/master/docs/README.md#errors). Those are not expected under normal operation and usually indicate a programming error.

Leveraging Cache

The verifier instance returned by verifierFactory() has an internal JWKS cache, so subsequent calls do not hit the network to fetch the key set again.

Make sure the same verifier instance is shared across verifier.verify() calls (for example, create it once at module scope rather than per request); a fresh instance per call defeats the cache.

Running the Tests

Unit and Integration Tests

Run tests:

npm run test

Run tests with coverage report:

npm run test-coverage

Coding Style and Documentation Tests

Make sure code has no syntax errors and is properly formatted. Make sure docs are valid Markdown.

npm run lint

Security Tests

Make sure there are no known vulnerabilities in dependencies.

npm run audit-security

Built With

Dependency Graph

@southlane/[email protected] (2 deps, 280.94kb, 120 files)
╰─┬ [email protected] (1 dep, 266.29kb, 108 files)
  ╰── @panva/[email protected] (45.74kb, 18 files)

Getting Help

If you have questions, concerns, bug reports, etc., please file an issue in this repository's Issue Tracker.

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning. For the versions available, see the releases on this repository.

License

This project is licensed under the MIT License - see the LICENSE.md file for details.
