Validate JWT issued by Cognito

Question

We have an application that we have created in AWS that uses Cognito for authn and authz. The application retrieves data with SnapLogic as middleware using triggered tasks. To secure our data we want Snap to validate a JWT issued by Cognito - validation initially being limited to checking that the token has not expired, the  and that the issuer and client claims match what we expect.
I don’t think that the JWT Validate snap is suitable for this task as it requires an account set up using a private key, which we don’t have and can’t obtain.
Am I correct in thinking this and what, if any, solutions are possible?

aleksandar_a · Answer

Hi @JulianH,
If your JWT payload is not encrypted and it’s just Base64 encoded, you can use a Mapper Snap to decode and parse it as JSON so later on, downstream you will be able to do the validations.
Let say that we have a JWT with the following claims in the payload:

We can decode it’s payload within SnapLogic with the following expression:
JSON.parse(Base64.decode($token.split(".")[1]))

Where $token is the JWT you get with the request.
Let me know if this helps you.
BR,
Aleksandar.

julianh · Answer

Hi @AleksandarAngelevski
Thanks for this - we’ll give it a go.
As far as I can tell, the header and payload elements of the JWT token are Base64 encoded which means they can be decoded and parsed using this method, but we can’t verify the signature which is kind of important if we are to trust the token.

aleksandar_a · Answer

In order to verify the signature, you need the key.  So it goes back to using the JWT Validate Snap.

Forum Discussion

Validate JWT issued by Cognito

3 Replies

Recent Discussions

SFTP: Worked ok then settings changed not not working

SQS Consumer snap is ready all message at pipeline startup

Salesforce Update REST API Throughput

Using Windows Authentication with SQL Server Accounts

Preview not available for Flow snaps