Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

cognito-jwt-lite

Package Overview
Dependencies
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

cognito-jwt-lite

Lightweight AWS Cognito JWT verifier

  • 1.0.0
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
56
decreased by-45.1%
Maintainers
1
Weekly downloads
 
Created
Source

cognito-jwt-lite

npm bundle size npm Snyk Vulnerabilities for GitHub Repo

GitHub Workflow Status Coverage Duplicated Lines (%) Maintainability Rating Reliability Rating Security Rating Technical Debt Bugs Code Smells

Logo

Lightweight library to verify AWS Cognito JSON Web Tokens.

This package is implemented in typescript and provide its own type definitions.

Getting started

Install the package using yarn or NPM: npm i cognito-jwt-lite

Do not forget to install dependent types definitions as dev dependency if you are using Typescript: npm i -D @types/jsonwebtoken @types/jwk-to-pem.

In your authentication middleware decode and verify the token using:

import { verify } from 'cognito-jwt-lite';

const decoded = await verifyAzureToken(token, {
  issuer: `https://cognito-idp.${process.env.AWS_COGNITO_POOL_REGION}.amazonaws.com/${process.env.AWS_COGNITO_POOL_ID}`,
});

You can add any option supported by jsonwebtoken:

import { verify } from 'cognito-jwt-lite';

const decoded = await verifyAzureToken(token, {
  audience: process.env.JWT_AUD,
  issuer: `https://cognito-idp.${process.env.AWS_COGNITO_POOL_REGION}.amazonaws.com/${process.env.AWS_COGNITO_POOL_ID}`,
});

Additional options

  • Retries on 5xx: set the number of retries when request to fetch keys returns a 5xx response (defaults to 2)
import { verifyAzureToken } from 'cognito-jwt-lite';

const decoded = await verifyAzureToken(token, {
  maxRetries: 5,
  audience: process.env.JWT_AUD,
  issuer: process.env.JWT_ISS,
});

Error reference

The lib will throw the following errors if something wrong happends during decoding token:

  • InvalidToken: the token provided is not a non-empty string.
  • InvalidIssuer: the issuer does not match the pattern https://cognito-idp.<aws-region>.amazonaws.com/<pool-id>
  • TokenNotDecoded: the token cannot be decoded. This usually means the token is ill-formed.
  • MissingKeyID: no kid (Microsoft Key ID) field is present in JWT header.
  • ErrorFetchingKeys: API call to fetch Microsoft public keys failed.
  • NotMatchingKey: no matching key is found in Microsoft response.
  • JsonWebTokenError: token cannot be verified, the human-readable reason is provided (expired, audience mismatch etc...)

Keywords

FAQs

Package last updated on 12 Jan 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Inside the Business of Ransomware: Insights from Reddit AMA with Ransomware Negotiators

Security News

Inside the Business of Ransomware: Insights from Reddit AMA with Ransomware Negotiators

Ransomware negotiators share how modern cybercriminals operate like corporations, using specialized teams, negotiation tactics, and reputation management.

By Sarah Gooding  -  Dec 17, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc