0.1.1 • Published 4 years ago
express-cognito-jwt-verifier v0.1.1
An Express.js middleware that authenticates requests carrying an AWS Cognito JWT.
This library handles:
1. Downloading, loading, reading and storing JWKs. JWKs are converted to PEM-formatted public keys. This public key is used to verify the JWT in the request.
2. Verifying the JWT by checking its structure, signature, issuer, audience, token type, expiration and any other validation required.
Getting Started
Get started by installing the library as a dependency for your project.
npm install --save express-cognito-jwt-verifier
Usage
// import module
const {AwsCognitoJwtVerifier} = require('express-cognito-jwt-verifier');
const express = require('express');
const app = express();
// create and setup an instance of AwsCognitoJwtVerifier.
// new AwsCognitoJwtVerifier(options)
const awsCognitoJwtVerifier = new AwsCognitoJwtVerifier({
  keyDir: 'keys',
  userPoolId: '<userpool id>',
  region: 'us-east-1',
  clientId: '<client id>',
  acceptType: 'access'
});
// use verifier() method as a middleware for express app
app.use(awsCognitoJwtVerifier.verifier);
app.get('/protected-route', (req, res) => {
  res.status(200).send('OK');
});
// call setup() method for initial setup of middleware.
// it returns a Promise. Use .then() or async/await.
// make sure setup() is resolved before calling listen() on express app.
awsCognitoJwtVerifier.setup()
  .then((err) => {
    if (err) {
      console.log(err);
    }
    app.listen(9000, () => console.log('Server started'));
  })
  .catch(err => console.error(err));
Options
keyDir (required) - Valid path to the directory used to store the JWKS.
userPoolId (required) - AWS Cognito user pool ID.
region (required) - Region of the AWS Cognito user pool.
clientId (required) - Client ID of the underlying app client that uses the provided user pool.
acceptType (required) - Defines which JWTs are accepted. If you accept only access tokens, use access; if you accept only ID tokens, use id. If your app uses both JWTs, use access-id.
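How the options above can map onto the issuer, audience, token type and expiration checks, shown as an added example that is not the library's own code. It assumes the payload comes from a JWT whose signature was already verified against the pool's JWKS; `checkCognitoClaims`, the error labels and all sample values are hypothetical.

```javascript
// Added example: claim checks only. `payload` must come from a JWT whose
// signature was already verified against the user pool's JWKS.
const ALLOWED_TOKEN_USE = new Map([
  ['access', ['access']],
  ['id', ['id']],
  ['access-id', ['access', 'id']],
]);

function checkCognitoClaims(payload, options, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { userPoolId, region, clientId, acceptType } = options;
  const allowed = ALLOWED_TOKEN_USE.get(acceptType);
  if (!allowed) throw new Error(`unknown acceptType: ${acceptType}`);
  const errors = [];

  // Cognito sets iss to the user pool URL, so a token from another pool fails here.
  const expectedIssuer = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`;
  if (payload.iss !== expectedIssuer) errors.push('issuer');

  if (!allowed.includes(payload.token_use)) {
    errors.push('token_use');
  } else {
    // Access tokens name the app client in client_id, ID tokens in aud.
    const audience = payload.token_use === 'access' ? payload.client_id : payload.aud;
    if (audience !== clientId) errors.push('audience');
  }

  // exp is seconds since the epoch; a missing or non-numeric exp is rejected.
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) errors.push('expired');
  return errors;
}

// Constructed sample values, not real pool or client identifiers.
const sampleOptions = {
  userPoolId: 'us-east-1_EXAMPLE', region: 'us-east-1',
  clientId: 'example-client-id', acceptType: 'access',
};
const NOW = 1700000000;
const accessPayload = {
  iss: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
  token_use: 'access', client_id: 'example-client-id', exp: NOW + 3600,
};
const idPayload = {
  iss: accessPayload.iss, token_use: 'id', aud: 'example-client-id', exp: NOW + 3600,
};

console.log(checkCognitoClaims(accessPayload, sampleOptions, NOW)); // no errors: accepted
console.log(checkCognitoClaims(idPayload, sampleOptions, NOW));     // rejected on token_use
```

With acceptType set to access, a validly signed ID token from the same app client is still rejected, which is the reason the option is required.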