Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

cognito-jwt-lite

Package Overview
Dependencies
Maintainers
0
Versions
5
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

cognito-jwt-lite

Lightweight AWS Cognito JWT verifier

  • 1.0.2
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
50
decreased by-50.98%
Maintainers
0
Weekly downloads
 
Created
Source

cognito-jwt-lite

npm npm bundle size npm semantic-release

Logo

Lightweight library to verify AWS Cognito JSON Web Tokens.

This package is implemented in typescript and provide its own type definitions.

Need lightweight lib to verify Azure AD tokens ? Check this out

Getting started

Install the package using yarn or NPM: npm i cognito-jwt-lite

Do not forget to install dependent types definitions as dev dependency if you are using Typescript: npm i -D @types/jsonwebtoken @types/jwk-to-pem.

In your authentication middleware decode and verify the token using:

import { verify } from 'cognito-jwt-lite';

const decoded = await verify(token, {
  issuer: `https://cognito-idp.${process.env.AWS_COGNITO_POOL_REGION}.amazonaws.com/${process.env.AWS_COGNITO_POOL_ID}`,
});

You can add any option supported by jsonwebtoken:

import { verify } from 'cognito-jwt-lite';

const decoded = await verify(token, {
  audience: process.env.JWT_AUD,
  issuer: `https://cognito-idp.${process.env.AWS_COGNITO_POOL_REGION}.amazonaws.com/${process.env.AWS_COGNITO_POOL_ID}`,
});

Additional options

  • Retries on 5xx: set the number of retries when request to fetch keys returns a 5xx response (defaults to 2)
import { verify } from 'cognito-jwt-lite';

const decoded = await verify(token, {
  maxRetries: 5,
  audience: process.env.JWT_AUD,
  issuer: process.env.JWT_ISS,
});

Error reference

The lib will throw the following errors if something wrong happends during decoding token:

  • InvalidToken: the token provided is not a non-empty string.
  • InvalidIssuer: the issuer does not match the pattern https://cognito-idp.<aws-region>.amazonaws.com/<pool-id>
  • TokenNotDecoded: the token cannot be decoded. This usually means the token is ill-formed.
  • MissingKeyID: no kid (Key ID) field is present in JWT header.
  • ErrorFetchingKeys: API call to fetch Cognito public keys failed.
  • NotMatchingKey: no matching key is found in Cognito response.
  • JsonWebTokenError: token cannot be verified, the human-readable reason is provided (expired, audience mismatch etc...)

Keywords

FAQs

Package last updated on 14 Aug 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Inside the Business of Ransomware: Insights from Reddit AMA with Ransomware Negotiators

Security News

Inside the Business of Ransomware: Insights from Reddit AMA with Ransomware Negotiators

Ransomware negotiators share how modern cybercriminals operate like corporations, using specialized teams, negotiation tactics, and reputation management.

By Sarah Gooding  -  Dec 17, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc