@xeedware/cognito-jwk-cli
v1.0.3
Published
Node script to fetch a Cognito user pool's JSON Web Keys
Downloads
4
Maintainers
Readme
cognito-jwt-cli
CLI commands to fetch a Cognito user pool's JSON Web Keys (JWK).
Convenient when desiring to view JWKs at the terminal;
and especially to copy-and-paste.
Overview
The Cognito User Pool API
uses JSON Web Keys (JWK)
to sign Access
and ID
JSON Web Tokens (JWT):
artifacts returned to the client after successful Cognito User Pool authentication.
Clients use JWTs to gain access to protected backend resources where required.
Using JWKs issued by the Cognito User Pool, backend services can verify the authenticity of JWTs. See Verifying a JSON Web Token(JWT).
These cognito-jwt-cli
commands fetch a user pool's JWK
via a known Cognito User API
(a.k.a. cognito-idp
, AWS.CognitoIdentityServiceProvider
) URL:
https://cognito-idp.<region>.amazonaws.com/<userPoolId>/.well-known/jwks.json
returning a stringified JSON object or optionally a PEM Base64 encoded DER certificate string.
Should you want to fetch Cognito JWKs programatically, see https://aws.amazon.com/premiumsupport/knowledge-center/decode-verify-cognito-json-token/.
Install
Globally
Allows you to execute
cognito-jwk
from any terminal:npm install -g @xeedware/cognito-jwk-cli
In an npm project:
Allows you to execute
cognito-jwk
from a terminal when within the npm project directory:npm install @xeedware/cognito-jwk-cli
Usage
Usage
<Command> [Option]
<Command> <userPoolId> [--pem multi_line|single_line] [Option]
Commands
cognito-jwk access // get ACCESS token
cognito-jwk id // get ID token
cognito-jwk both // get ACCESS and ID token
Options:
--version // Show version number
--help // Show help
Via npx
npx comes bundled with npm version 5.2+.
npx cognito-jwk-cli access|id|both <userPoolId> [-p multi_line|single_line] [--version | --help]
Via node
node cognito-jwk-cli access|id|both <userPoolId> [-p multi_line|single_line] [--version | --help]
Via shell
After adding the npm executables path to your PATH environment variable:
cognito-jwk-cli access|id|both <userPoolId> [-p multi_line|single_line] [--version | --help]
To obtain the full path to npm executables, execute:
npm bin [-g]
-g option for globally installed packages.