Validate JWT issued by Cognito

JulianH
New Contributor

We have an application that we have created in AWS that uses Cognito for authn and authz. The application retrieves data with SnapLogic as middleware using triggered tasks. To secure our data we want Snap to validate a JWT issued by Cognito - validation initially being limited to checking that the token has not expired, and that the issuer and client claims match what we expect.

I don't think that the JWT Validate snap is suitable for this task as it requires an account set up using a private key, which we don't have and can't obtain.

Am I correct in thinking this and what, if any, solutions are possible?

3 REPLIES 3

AleksandarAngel
Contributor III

Hi @JulianH,

If your JWT payload is not encrypted and it's just Base64 encoded, you can use a Mapper Snap to decode and parse it as JSON so later on, downstream you will be able to do the validations.

Let's say that we have a JWT with the following claims in the payload:
[image]

We can decode its payload within SnapLogic with the following expression:

JSON.parse(Base64.decode($token.split(".")[1]))

Where $token is the JWT you get with the request.

Let me know if this helps you.

BR,
Aleksandar.

Hi @AleksandarAngelevski

Thanks for this - we'll give it a go.

As far as I can tell, the header and payload elements of the JWT token are Base64 encoded which means they can be decoded and parsed using this method, but we can't verify the signature which is kind of important if we are to trust the token.

In order to verify the signature, you need the key. So it goes back to using the JWT Validate Snap.
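
As an added example (not part of the original thread and not SnapLogic code): Cognito signs its tokens with RS256 and publishes the matching public keys as a JWKS document under the user pool's `/.well-known/jwks.json`, so the verifying side needs only those public keys. This Node.js example verifies the signature first and only then checks the expiry, issuer and client claims. The key pair, `kid`, issuer URL and client id are constructed placeholders, and `validateJwt` and `makeDemoToken` are hypothetical names.

```javascript
const crypto = require("node:crypto");

// Decode one base64url JWT segment (header or payload) into a JSON object.
function decodePart(seg) {
  const obj = JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));
  if (obj === null || typeof obj !== "object") throw new Error("not a JSON object");
  return obj;
}

// Verify an RS256 JWT with a public JWKS, then check exp, iss and client claims.
function validateJwt(token, jwks, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = decodePart(parts[0]);
    claims = decodePart(parts[1]);
  } catch { return { ok: false, reason: "malformed" }; }
  // Pin the algorithm: the token's own "alg" must never choose how it is verified.
  if (header.alg !== "RS256") return { ok: false, reason: "bad alg" };
  const jwk = jwks.keys.find((k) => k.kty === "RSA" && k.kid === header.kid);
  if (!jwk) return { ok: false, reason: "unknown kid" };
  // Only the public parts (n, e) are needed to verify; no private key is involved.
  const pub = crypto.createPublicKey({ key: { kty: "RSA", n: jwk.n, e: jwk.e }, format: "jwk" });
  const signed = Buffer.from(parts[0] + "." + parts[1]);
  const sig = Buffer.from(parts[2], "base64url");
  if (!crypto.verify("RSA-SHA256", signed, pub, sig)) return { ok: false, reason: "bad signature" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  if (claims.iss !== expected.issuer) return { ok: false, reason: "bad issuer" };
  // Assumption: client id is in "client_id" (access token) or "aud" (ID token).
  const client = claims.client_id ?? claims.aud;
  if (client !== expected.clientId) return { ok: false, reason: "bad client" };
  return { ok: true, claims };
}

// Constructed demo data: a throwaway key pair stands in for the issuer's keys.
const demoKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const DEMO_JWKS = { keys: [{ ...demoKeys.publicKey.export({ format: "jwk" }), kid: "demo-key-1" }] };
const DEMO_EXPECTED = { issuer: "https://issuer.example/demo-pool", clientId: "demo-client-id" };
// Issuer-side helper used only to build constructed sample tokens.
function makeDemoToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const head = enc({ alg: "RS256", kid: "demo-key-1" }) + "." + enc(claims);
  const sig = crypto.sign("RSA-SHA256", Buffer.from(head), demoKeys.privateKey);
  return head + "." + sig.toString("base64url");
}

const demo = makeDemoToken({ iss: DEMO_EXPECTED.issuer, client_id: "demo-client-id", exp: 4102444800 });
console.log(validateJwt(demo, DEMO_JWKS, DEMO_EXPECTED));
```

Decoding the payload alone, as in the Mapper expression earlier in the thread, gives the claims but no assurance about who wrote them; the claim checks here are reached only after the signature verifies.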