AWS Cognito Express


This module authenticates requests on a Node.js application by verifying the Access and ID tokens issued by AWS Cognito. It implements the AWS Guideline for JWT validation.

Use cases

This module offers an out-of-the-box solution to authenticate requests on an Express.js application by verifying the AWS Cognito JWTs sent in the Authorization header using the Bearer scheme.

It was also designed for maximum flexibility: if you are not using Express.js, you can still use the JWTValidator class to build your own custom authentication flow.

In the following picture, we illustrate which part of the authentication flow is covered by this module.

[Figure: Authentication Flow]

Features

The following are the features included in this module:

  • JWT signature verification.
  • JWT claims verification.
    • Verify that the token is not expired.
    • Verify that the audience (aud) claim matches one of the valid audiences provided in the configuration.
    • Verify that the issuer (iss) claim is valid for the configured user pool.
    • Verify that the token_use claim matches one of the valid token uses provided in the configuration.
  • Support for JWKs rotation, as described in the JWT signing key rotation thread.
  • Ability to set custom pems for local testing without needing to create a User Pool.
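The checks listed above, written out with Node's built-in crypto as an added example; this is not the module's own code and does not use its API. The function names, the issuer URL with its placeholder pool id, and the locally generated key pair (in the spirit of the custom pems feature) are assumptions, and the `base64url` encoding needs a Node.js release that supports it.

```javascript
const crypto = require('node:crypto');

// Constructed values: the pool id in the issuer URL is a placeholder.
const ISSUER = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE';
const b64url = (v) => Buffer.from(v).toString('base64url');

// Local key pair standing in for the pool's signing key; pems is a kid -> PEM map.
function makeLocalKey(kid = 'local-key') {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { kid, privateKey, pems: new Map([[kid, publicKey.export({ type: 'spki', format: 'pem' })]]) };
}

// Test-only signer that plays the role Cognito has in production.
function signToken(payload, { kid, privateKey }) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', kid }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Returns the claims, or throws on the first failed check.
function verifyToken(token, pems, { issuer, audience, tokenUse }, now = Date.now() / 1000) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  // Pin the algorithm; the token header must not choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const pem = pems.get(header.kid);
  if (!pem) throw new Error('unknown kid');
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`), pem, Buffer.from(sig, 'base64url'));
  if (!valid) throw new Error('bad signature');
  // Claims are trusted only after the signature has verified.
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  if (claims.iss !== issuer) throw new Error('bad issuer');
  // ID tokens carry aud; Cognito access tokens carry client_id instead.
  if (!audience.includes(claims.aud ?? claims.client_id)) throw new Error('bad audience');
  if (!tokenUse.includes(claims.token_use)) throw new Error('bad token_use');
  return claims;
}
```

Passing `now` explicitly keeps the expiry check deterministic in tests; in a request handler the default clock value applies.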

Prerequisites

You will need:

  1. An AWS account. If you don't have one you can sign up here.
  2. A Cognito User Pool configured with at least one client application.
  3. Node.js 14 or above.

Installation

$ npm install --save aws-cognito-express

Responsible disclosure

To report a security issue, contact the project maintainers privately. You can find contact information in CONTACT.md.