aws-cognito-express
v5.0.0
Verification of Access and ID tokens issued by AWS Cognito for Node.js
AWS Cognito Express
This module authenticates requests on a Node.js application by verifying the Access and ID tokens issued by AWS Cognito.
It implements the AWS Guideline for JWT validation.
Use cases
This module offers an out-of-the-box solution to authenticate requests on an Express.js application by verifying the AWS Cognito JWTs sent in the Authorization header using the Bearer scheme.
It was also designed for maximum flexibility: if you are not using Express.js, you can still use the JWTValidator class to build your own custom authentication flow.
In the following picture, we illustrate which part of the authentication flow is covered by this module.
Features
The following are the features included in this module:
- JWT signature verification.
- JWT claims verification.
  - Verify that the token is not expired.
  - Verify that the audience (aud) claim matches one of the valid audiences provided in the configuration.
  - Verify that the issuer (iss) claim is valid for the configured user pool.
  - Verify that the token_use claim matches one of the valid token uses provided in the configuration.
- Support for JWKs rotation, as described in the JWT signing key rotation thread.
- Ability to set custom pems for local testing without the need to create a User Pool.
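The signature and claims checks listed above, written out as an added example with only Node's built-in crypto module. This is not the module's own code or API: the function names, the throwaway key pair, the pool ID and the client ID are all constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Verifies an RS256 JWT against a Map of kid -> public key, then its claims.
function verifyCognitoJwt(token, cfg, now = Date.now()) {
  const [h, p, s, ...rest] = token.split('.');
  if (!h || !p || !s || rest.length) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm instead of trusting the token header.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // With key rotation, an unknown kid is where the JWKS would be refetched.
  const key = cfg.keys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, sig)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) {
    throw new Error('token expired');
  }
  const iss = `https://cognito-idp.${cfg.region}.amazonaws.com/${cfg.userPoolId}`;
  if (claims.iss !== iss) throw new Error('bad issuer');
  if (!cfg.tokenUse.includes(claims.token_use)) throw new Error('bad token_use');
  // Cognito ID tokens carry aud; access tokens carry client_id instead.
  const aud = claims.token_use === 'access' ? claims.client_id : claims.aud;
  if (!cfg.audience.includes(aud)) throw new Error('bad audience');
  return claims;
}

// Constructed fixture: a throwaway key pair stands in for the pool's JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const config = {
  keys: new Map([['test-kid', publicKey]]), region: 'us-east-1',
  userPoolId: 'us-east-1_EXAMPLE', audience: ['example-client-id'], tokenUse: ['access'],
};
const base = {
  iss: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE', token_use: 'access',
  client_id: 'example-client-id', exp: Math.floor(Date.now() / 1000) + 300,
};
function signToken(claims, kid = 'test-kid') {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', kid }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}
function check(token) {
  try { verifyCognitoJwt(token, config); return 'ok'; } catch (e) { return e.message; }
}
console.log(check(signToken(base)), check(signToken({ ...base, token_use: 'id' })));
```

The signature is checked before any claim is read, so a failed claim check always refers to data the pool's key actually signed.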
Prerequisites
You will need:
- An AWS account. If you don't have one you can sign up here.
- A Cognito User Pool configured with at least one client application.
- Node.js 14 or above.
Installation
$ npm install --save aws-cognito-express
Responsible disclosure
If you have any security issue to report, contact the project maintainers privately. You can find contact information in CONTACT.md.