Someone can forge a signature of their own, or even steal credentials, but they cannot forge a signature from Cognito. So there is no way to spoof the signature.

To get the public keys we can have 2 ways. Using a web browser or Postman in the URL format below: After you send the request, you will get the result as below:

In the results above, we see that there are 2 public keys. So which public key do we use, and how do we know which one it is?

First, go to the JWT page, then paste your id-token. After decoding you will see a kid. Find the public key whose kid matches the kid you see after decoding. Please create a jwks.json file with the required public key content.

How to verify Cognito tokens?

First, you need to install the following 2 packages jsonwebtoken Next, create a file named verify-token to verify the token.

The Python JWT module is a library for generating and verifying JSON Web Tokens (JWT) in Python. It is built on top of the JWT, JWS, and JWK specifications and supports a number of cryptographic algorithms, including HMAC, RSA, and ECDSA. To use the Python JWT module, you will need to install it first.
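The kid lookup and signature check described above, as an added example that is not code from the original post. It uses Node's built-in crypto module instead of the jsonwebtoken package, also checks the exp claim, and the names selectJwk, verifyIdToken and makeDemo, the kid values and the two throwaway keys are constructed for illustration.

```javascript
// Added example: function names, kid values and keys are hypothetical.
const crypto = require('node:crypto');

const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Pick the jwks.json entry whose kid matches the kid in the token header.
function selectJwk(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const header = b64urlJson(parts[0]);
  // Pin the algorithm: never let the token choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg: ' + header.alg);
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('no key in jwks.json for kid ' + header.kid);
  return jwk;
}

// Verify the RS256 signature with the selected public key, then check expiry.
function verifyIdToken(token, jwks, nowSec = Math.floor(Date.now() / 1000)) {
  const jwk = selectJwk(token, jwks);
  const [h, p, s] = token.split('.');
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = crypto.verify('RSA-SHA256', Buffer.from(h + '.' + p), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('signature does not match');
  const claims = b64urlJson(p);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('token expired');
  return claims;
}

// Constructed demo data: two throwaway RSA keys stand in for the two public
// keys in the JWKS response, and the token is signed with the second one.
function makeDemo() {
  const pairs = ['kid-a', 'kid-b'].map((kid) => ({
    kid, ...crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }),
  }));
  const jwks = {
    keys: pairs.map((p) => ({ ...p.publicKey.export({ format: 'jwk' }), kid: p.kid, alg: 'RS256', use: 'sig' })),
  };
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = enc({ alg: 'RS256', kid: 'kid-b' }) + '.' + enc({ sub: 'demo-user', token_use: 'id', exp: 4102444800 });
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), pairs[1].privateKey).toString('base64url');
  return { jwks, token: input + '.' + sig };
}
```

A production verifier would also compare the iss, aud and token_use claims against the expected user pool and app client.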