max v

Reputation: 23

Cognito jwt token validation throwing 400 error

I am new to AWS Cognito. I have a Spring Boot application where I am using AWS Cognito as our authentication provider. I have configured Cognito, and login works perfectly and returns an access token and an ID token. However, when I try to validate that access token via Cognito, I get a 400 IOException.

Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: https://cognito-idp.{region}.amazonaws.com/{poolid}/.well-known/jwks.json
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1997)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1589)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)
    at com.nimbusds.jose.util.DefaultResourceRetriever.getInputStream(DefaultResourceRetriever.java:305)
    at com.nimbusds.jose.util.DefaultResourceRetriever.retrieveResource(DefaultResourceRetriever.java:257)
    at com.nimbusds.jose.jwk.source.RemoteJWKSet.updateJWKSetFromURL(RemoteJWKSet.java:305)

Upvotes: 0

Views: 283

Answers (1)

Gary Teichrow

Reputation: 81

I think that in your URL you still have the template variables from the example you copied from (e.g. {region} and {poolid}). Those tokens need to be replaced with actual values from your Cognito settings so the ultimate URL is, for example:

https://cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxxxxx/.well-known/jwks.json

The IOException is likely caused by the invalid URL.

Upvotes: 0
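
Added example, not part of the question or the answer above: a JDK-only helper that builds the JWKS URL from the region and pool ID and fails at startup if either value is still a template placeholder, instead of surfacing later as an HTTP 400 from the key fetch. The class and method names are hypothetical, and the check that the pool ID starts with the region is an assumption about Cognito's ID format; the same issuer string is the value the token's `iss` claim should be compared against.

```java
import java.net.URI;
import java.util.regex.Pattern;

/** Hypothetical helper (added example): validated Cognito issuer and JWKS URLs. */
public class CognitoJwksConfig {
    // Region shape such as us-east-1 or us-gov-west-1.
    private static final Pattern REGION = Pattern.compile("[a-z]{2}(-[a-z]+)+-\\d");
    // User pool ID shape: <prefix>_<alphanumerics>, e.g. us-east-1_xxxxxxxxx.
    private static final Pattern POOL_ID = Pattern.compile("[\\w-]+_[0-9a-zA-Z]+");

    /** Issuer URL; compare the token's "iss" claim against this exact string. */
    static String issuer(String region, String poolId) {
        requireResolved("region", region);
        requireResolved("poolId", poolId);
        if (!REGION.matcher(region).matches()) {
            throw new IllegalArgumentException("region is not a valid AWS region name: " + region);
        }
        if (!POOL_ID.matcher(poolId).matches()) {
            throw new IllegalArgumentException("poolId is not a valid user pool ID: " + poolId);
        }
        // Assumption: the pool ID is prefixed with the region it was created in.
        if (!poolId.startsWith(region + "_")) {
            throw new IllegalArgumentException("poolId " + poolId + " does not belong to region " + region);
        }
        return "https://cognito-idp." + region + ".amazonaws.com/" + poolId;
    }

    /** URL to hand to the JWK source, e.g. Nimbus RemoteJWKSet via jwksUri(...).toURL(). */
    static URI jwksUri(String region, String poolId) {
        return URI.create(issuer(region, poolId) + "/.well-known/jwks.json");
    }

    // Rejects null, blank, and values that still carry {placeholder} or ${property} syntax.
    private static void requireResolved(String name, String value) {
        if (value == null || value.isBlank()) {
            throw new IllegalArgumentException(name + " is not set");
        }
        if (value.contains("{") || value.contains("}")) {
            throw new IllegalArgumentException(name + " still contains a template placeholder: " + value);
        }
    }

    public static void main(String[] args) {
        // Sample values: the placeholder pool ID from the answer, then the unresolved templates.
        System.out.println(jwksUri("us-east-1", "us-east-1_xxxxxxxxx"));
        try {
            jwksUri("{region}", "{poolid}");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```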
