How to verify JWT from AWS Cognito in the API backend?


Question


I'm building a system consisting of an Angular2 single page app and a REST API running on ECS. The API runs on .Net/Nancy, but that might well change.


I would like to give Cognito a try and this is how I imagined the authentication workflow:

  1. The SPA logs the user in and receives a JWT
  2. The SPA sends the JWT to the REST API with every request
  3. The REST API verifies that the JWT is authentic


My question is about step 3. How can my server (or rather: my stateless, auto-scaled, load-balanced Docker containers) verify that the token is authentic? Since the "server" hasn't issued the JWT itself, it can't use its own secret (as described in the basic JWT example here).


I have read through the Cognito docs and googled a lot, but I can't find any good guideline about what to do with the JWT on the server side.

Recommended answer


Turns out I didn't read the docs right. It's explained here (scroll down to "Using ID Tokens and Access Tokens in your Web APIs").


The API service can download Cognito's secrets and use them to verify received JWTs. Perfect.

Edit


@Groady's comment is on point: but how do you validate the tokens? I'd say use a battle-tested library like jose4j or nimbus (both Java) for that and don't implement the verification from scratch yourself.


Here's an example implementation for Spring Boot using nimbus that got me started when I recently had to implement this in a Java/Dropwizard service.
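
As an added example (not code from the original answer or from the linked Spring Boot project), this is what the verification looks like with nimbus-jose-jwt: the processor fetches the user pool's JWKS, verifies the RS256 signature with the key whose `kid` matches the token header, and then checks issuer, `token_use`, `client_id` and expiry, which are the checks the Cognito docs list. The region, user pool id and app client id are assumed constructor parameters; for an ID token you would expect `token_use` "id" and check the `aud` claim instead of `client_id`.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;

import java.net.URL;
import java.util.Arrays;
import java.util.HashSet;

/** Verifies Cognito access tokens: signature against the pool's JWKS, then iss, token_use, client_id and exp. */
public class CognitoTokenVerifier {
    private final ConfigurableJWTProcessor<SecurityContext> processor;

    // region, userPoolId and appClientId are assumed inputs, e.g. "eu-west-1", "eu-west-1_EXAMPLE", "<app client id>"
    public CognitoTokenVerifier(String region, String userPoolId, String appClientId) throws Exception {
        String issuer = "https://cognito-idp." + region + ".amazonaws.com/" + userPoolId;
        // Cognito publishes the pool's public keys (kid -> RSA key) at this URL; RemoteJWKSet caches them
        // and re-fetches when a token arrives with a kid it has not seen (key rotation).
        JWKSource<SecurityContext> keySource =
                new RemoteJWKSet<>(new URL(issuer + "/.well-known/jwks.json"));

        processor = new DefaultJWTProcessor<>();
        // Only RS256 is accepted; the key is selected by the token's kid header, never read from the token body.
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, keySource));

        // Claims that must match exactly. DefaultJWTClaimsVerifier also rejects expired (exp) and
        // not-yet-valid (nbf) tokens on its own; the second argument lists claims that must be present.
        JWTClaimsSet expected = new JWTClaimsSet.Builder()
                .issuer(issuer)
                .claim("token_use", "access")
                .claim("client_id", appClientId)
                .build();
        processor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>(
                expected, new HashSet<>(Arrays.asList("sub", "exp", "iat"))));
    }

    /** Returns the verified claims, or throws BadJOSEException/JOSEException on a bad signature,
     *  unknown kid, wrong issuer or client, wrong token_use, or an expired token. */
    public JWTClaimsSet verify(String bearerToken) throws Exception {
        return processor.process(bearerToken, null);
    }
}
```

Reject the request on any exception from `verify` rather than falling back to unverified claims; the subject and scopes for authorization should be taken only from the returned claims set.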
