how to check the ID token in aws lambda in node js
// Cognito data
const userPoolId = "###########"; // Cognito user pool id here
const pool_region = '#########'; // Region where your cognito user pool is created
const jwt = require('jsonwebtoken');
const jwkToPem = require('jwk-to-pem');
const request = require('request');
// Token verification function
const ValidateToken = (token) => {
console.log('Validating the token...')
request({
url: `https://cognito-idp.${pool_region}.amazonaws.com/${userPoolId}/.well-known/jwks.json`,
json: true
}, (error, response, body) => {
console.log('validation token..')
if (!error && response.statusCode === 200) {
pems = {};
var keys = body['keys'];
for(var i = 0; i < keys.length; i++) {
//Convert each key to PEM
var key_id = keys[i].kid;
var modulus = keys[i].n;
var exponent = keys[i].e;
var key_type = keys[i].kty;
var jwk = { kty: key_type, n: modulus, e: exponent};
var pem = jwkToPem(jwk);
pems[key_id] = pem;
}
//validate the token
var decodedJwt = jwt.decode(token, {complete: true});
if (!decodedJwt) {
console.log("Not a valid JWT token");
return;
}
var kid = decodedJwt.header.kid;
var pem = pems[kid];
if (!pem) {
console.log('Invalid token');
return;
}
jwt.verify(token, pem, function(err, payload) {
if(err) {
console.log("Invalid Token.");
} else {
console.log("Valid Token.");
console.log(payload);
}
});
} else {
console.log(error)
console.log("Error! Unable to download JWKs");
}
});
}
// Exporting it to call it anywere you want
exports.ValidateToken = ValidateToken