Reputation: 79
I'm trying to hook up my Go web server to Amazon Cognito for auth. I'm using the jwt-middleware from gorilla. I'm also following the guide from Auth0: https://auth0.com/docs/quickstart/backend/golang/01-authorization
The guide creates a cert using the following:
for k, _ := range jwks.Keys {
    if token.Header["kid"] == jwks.Keys[k].Kid {
        cert = "-----BEGIN CERTIFICATE-----\n" + jwks.Keys[k].X5c[0] + "\n-----END CERTIFICATE-----"
    }
}
AWS says to get your JWKs file using https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json
I did that but my file is missing the X5c field. It looks like:
{
    "keys": [{
        "alg": "RS256",
        "e": "AQAB",
        "kid": "abcdefghijklmnopqrsexample=",
        "kty": "RSA",
        "n": "lsjhglskjhgslkjgh43lj5h34lkjh34lkjht3example",
        "use": "sig"
    }, {
        "alg": "RS256",
        "e": "AQAB",
        "kid": "fgjhlkhjlkhexample=",
        "kty": "RSA",
        "n": "sgjhlk6jp98ugp98up34hpexample",
        "use": "sig"
    }]
}
How am I supposed to verify the signature of the token sent in through the Authorization header sent by the client using this file?
Thank you for your help!
Upvotes: 2
Views: 780
Reputation: 1623
You need to convert the key to PEM format for use with any OpenSSL or crypto library. In JavaScript, I used the jwk-to-pem package for node, which never uses the x5c prop; it uses the n prop on the JWK, which contains the value for the RSA public key.
Upvotes: 0
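A standard-library Go version of the conversion this answer describes, as an added example that is not part of the original posts: it builds the RSA public key from the JWK's n and e (no x5c needed), pins the algorithm to RS256, selects the key by kid and checks the signature. The names VerifyRS256, JWK and demoToken are hypothetical, and the token and key are constructed locally for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding // JWTs and JWKs use unpadded base64url

type JWK struct{ Kid, Kty, N, E string } // the fields Cognito publishes per key; no x5c

// VerifyRS256 checks a compact JWT against the JWK whose kid matches its header.
func VerifyRS256(token string, keys ...JWK) error {
	var h struct{ Alg, Kid string }
	head, rest, _ := strings.Cut(token, ".")
	body, sigB64, ok := strings.Cut(rest, ".")
	hb, _ := b64.DecodeString(head)
	sig, err := b64.DecodeString(sigB64)
	if !ok || err != nil || json.Unmarshal(hb, &h) != nil || h.Alg != "RS256" {
		return fmt.Errorf("malformed token or alg is not RS256")
	}
	for _, k := range keys {
		n, errN := b64.DecodeString(k.N) // modulus, big-endian bytes
		e, errE := b64.DecodeString(k.E) // exponent, e.g. "AQAB" = 65537
		if k.Kid == h.Kid && k.Kty == "RSA" && errN == nil && errE == nil && len(e) <= 4 {
			pub := &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
			sum := sha256.Sum256([]byte(head + "." + body))
			return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig)
		}
	}
	return fmt.Errorf("no usable RSA key for kid %q", h.Kid)
}

// demoToken signs a constructed token with a throwaway key (Go always uses e = 65537, "AQAB").
func demoToken() (string, JWK) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	in := b64.EncodeToString([]byte(`{"alg":"RS256","kid":"demo"}`)) + "." + b64.EncodeToString([]byte(`{"sub":"x"}`))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig), JWK{"demo", "RSA", b64.EncodeToString(key.N.Bytes()), "AQAB"}
}

func main() { fmt.Println("verify:", VerifyRS256(demoToken())) }
```

This checks the signature only; the claims (exp, iss, and the audience or client id) still have to be validated before the token is trusted.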
Reputation: 415
Check this thread out: How to verify a JWT Token from AWS Cognito in Go?
JWT Middleware "github.com/auth0/go-jwt-middleware" used in your example is deeply rooted in how the auth0.com service handles JWT and may not fully apply to other providers and services.
Upvotes: 0