Skip to content
This repository has been archived by the owner on Oct 4, 2024. It is now read-only.

Create decode-verify-jwt.js #125

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Create decode-verify-jwt.js #125

wants to merge 2 commits into from

Conversation

naphtul
Copy link

@naphtul naphtul commented Jun 5, 2020

Description of changes:

This is a code example in node.js 12, implementing id token verification using the jose library.
Please review and include with your examples.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@naphtul
Create decode-verify-jwt.js
2c85053 
This is a code example in node.js 12, implementing id token verification using the jose library.
Please review and include with your examples.
@naphtul
Copy link
Author

naphtul commented Jan 12, 2021

@joshua-at-aws, can you please review this PR?

mcseemz
mcseemz reviewed Feb 1, 2021
View reviewed changes
Cognito/decode-verify-jwt/decode-verify-jwt.js Outdated
try {
const token = await extractToken(event);
keyStore = await getPublicKeysIfNotCached(keyStore);
const decryptedToken = await verifyIdToken(token, keyStore, cognitoIssuer, cognitoClientId);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello!
You have decryptedToken redefined here. const should be removed, to unblock the initial definition on line 62.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Done.

@naphtul
Update decode-verify-jwt.js
c915845 
Per comment from code review: removed redefining the variable.
@yesitskev
Copy link

@naphtul can I recommend that the handler be passed the token directly, reason being that using WebSockets on APIGateWayV2 only has the option of passing tokens using query parameters. Headers are unsupported :(

@naphtul
Copy link
Author

naphtul commented Feb 25, 2021

@naphtul can I recommend that the handler be passed the token directly, reason being that using WebSockets on APIGateWayV2 only has the option of passing tokens using query parameters. Headers are unsupported :(

@kevelbreh
This is merely an example of how to achieve JWT based authentication in NodeJS (and how I did it in my app, using API GW v1). Feel free to contribute to this pull request, or fork it and provide a solution that works best for you and API GW v2 users.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mcseemz mcseemz mcseemz left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@naphtul @yesitskev @mcseemz