AWS Cognito returning invalid signature with new userpool

By -

I have an AWS Cognito user pool that is a replacement for an old one that I had to delete because of a custom attribute issue. I am using the same exact code as before though the keys have changed. I have them in a JSON file that I pulled from the AWS URL for getting the keys. I am getting an error now about invalid signature when trying to validate a JWT. I know my code is solid since it hasn't changed but was looking to see from others if there is something else I am missing or should do other than update my pool id, client id, and keys.json file.

Edit adding my code just incase there is an issue with it though I can't see why if nothing changed

exports.isJWTValid = () => (req, res, next) => {
    let idToken = req.headers.authorization
    let token = idToken.split(' ')[1]
    let header = jwt_decode(token, { header: true });
    let keys = keysJSON.keys
    let kid = header.kid
    let jwk = keys.find(r => r.kid === kid)
    let pem = jwkToPem(jwk);
    jwt.verify(token, pem, { algorithms: ['RS256'] }, function(err, decodedToken) {
        if(err) { // error is showing up in this if(err) and returning to postman
            logger.debug(err) 
            return res.status(401).json({success: false, err})
        }
        const currentSeconds = Math.floor((new Date()).valueOf() / 1000)
        if (currentSeconds >= decodedToken.exp || currentSeconds < decodedToken.auth_time ) {
            let message = 'Session has expired, please login again.'
            return res.status(401).json({success: false, message});
        }
        if(decodedToken.aud !== config.ClientId) {
            let message = 'Token doen\'t match app client'
            return res.status(401).json({success: false, message});
        }
        if(decodedToken.iss !== `https://cognito-idp.us-east-1.amazonaws.com/${config.UserPoolId}`) {
            let message = 'Token doen\'t match user pool'
            return res.status(401).json({success: false, message});
        }
        if(decodedToken.token_use !== 'id' && decodedToken.token_use !== 'access') {
            let message = 'Token use case doen\'t match'
            return res.status(401).json({success: false, message});
        }
        logger.debug('decodedToken: ', decodedToken)
        next()
    });
};


from Recent Questions - Stack Overflow https://ift.tt/2SxUCcU
https://ift.tt/eA8V8J

Comments

Post a Comment

Popular posts from this blog

Spring Elasticsearch Operations

By -
Elasticsearch Operations Spring Data Elasticsearch uses two interfaces to define the operations that can be called against an Elasticsearch index. These are ElasticsearchOperations and ReactiveElasticsearchOperations. Whereas the first is used with the classic synchronous implementations, the second one uses reactive infrastructure. The default implementations of the interfaces offer: Read/Write mapping support for domain types. A rich query and criteria api. Resource management and Exception translation. ElasticsearchTemplate The ElasticsearchTemplate is an implementation of the ElasticsearchOperations interface using the Transport Client. @Configuration public class TransportClientConfig extends ElasticsearchConfigurationSupport {   @Bean   public Client elasticsearchClient() throws UnknownHostException {                      Settings settings = Settings.builder().put("cluster.name", "elasticsearch")....
Read more

Network Error and Timeout on Authorize.net JS

By -
i am using authorize.net acceptUI.js in order to create a hosted payment form for credit card acceptance. The problem arising now is that, going on the checkout page, I have the following console message: GET https://js.authorize.net/v3/AcceptUI.js net::ERR_NAME_NOT_RESOLVED Which is weird, cause I cannot ping the domain or anything, as my computer cannot resolve the domain. However, this issue is also reported by individual customers and it seems to be sporadically and not happening the entire time, cause i can see other orders going through. Does anyone know how such an error can be caused, or any ideas how it can be resolved? Thanks for your help EDIT: I just checked the A DNS record for js.authorize.net and am getting the following result only: js.authorize.net. 100 IN CNAME js.authorize.net.cdn.cloudflare.net. Doing the same for js.authorize.net.cdn.cloudflare.net. does not return an A Record, unless I specifically instruct to use 1.1.1.1 as DNS server I...
Read more

Object oriented programming concepts (OOPs)

By -
Object-oriented programming (OOP) is a programming paradigm based on the concept of "objects". Re-usability is the main concept of Oops. There are few major principles of object-oriented paradigm. If any programming Language supports this principles that programming language called Object-oriented programming. Below are object oriented programming concepts : 1. Object        Read More about Object     http://theprogrammersfirst.blogspot.in/2016/07/java-object-concept.html
Read more