cancel
Showing results for 
Search instead for 
Did you mean: 

Validate JWT issued by Cognito

JulianH
New Contributor

We have an application that we have created in AWS that uses Cognito for authn and authz. The application retrieves data with SnapLogic as middleware using triggered tasks. To secure our data we want Snap to validate a JWT issued by Cognito - validation initially being limited to checking that the token has not expired, the and that the issuer and client claims match what we expect.

I don’t think that the JWT Validate snap is suitable for this task as it requires an account set up using a private key, which we don’t have and can’t obtain.

Am I correct in thinking this and what, if any, solutions are possible?

3 REPLIES 3

Aleksandar_A
Contributor III

Hi @JulianH,

If your JWT payload is not encrypted and it’s just Base64 encoded, you can use a Mapper Snap to decode and parse it as JSON so later on, downstream you will be able to do the validations.

Let say that we have a JWT with the following claims in the payload:
image

We can decode it’s payload within SnapLogic with the following expression:

JSON.parse(Base64.decode($token.split(".")[1]))

Where $token is the JWT you get with the request.

Let me know if this helps you.

BR,
Aleksandar.

Hi @AleksandarAngelevski

Thanks for this - we’ll give it a go.

As far as I can tell, the header and payload elements of the JWT token are Base64 encoded which means they can be decoded and parsed using this method, but we can’t verify the signature which is kind of important if we are to trust the token.

In order to verify the signature, you need the key. So it goes back to using the JWT Validate Snap.