This module authenticates requests on a Node.js application by verifying the Access and ID tokens issued by AWS Cognito.
It implements the AWS Guideline for JWT validation.
This module offers an out-of-the-box solution to authenticate requests on an Express.js application by verifying the AWS Cognito JWTs sent in the Authorization header using the Bearer scheme.
It was also designed for maximum flexibility: if you are not using Express.js, you can still use the JWTValidator class directly and build your own authentication flow around it.
In the following picture, we illustrate which part of the authentication flow is covered by this module.
The following are the features included in this module:
- JWT signature verification.
- JWT claims verification.
- Verify that the token is not expired.
- Verify that the audience (aud) claim matches one of the valid audiences provided in the configuration.
- Verify that the issuer (iss) claim is valid for the configured user pool.
- Verify that the token_use claim matches one of the valid token uses provided in the configuration.
- Support for JWKS rotation, as described in the JWT signing key rotation thread.
- Ability to set custom PEMs for local testing without the need to create a User Pool.
You will need:
- An AWS account. If you don't have one you can sign up here.
- A Cognito User Pool configured with at least one client application.
- Node.js 14 or above.
$ npm install --save aws-cognito-express
If you have a security issue to report, contact the project maintainers privately. You can find contact information in CONTACT.md.