gojwtcognito is an easy-to-use, small package designed to parse request headers and look for JWTs provided by AWS Cognito, to either check if they are valid or get info from them.
$ go get github.com/bruno-chavez/gojwtcognito
Import the package and call NewCognitoChecker. From there, pass the returned object pointer to wherever you need to validate tokens or get claims or groups.
- The only two tokens that the library works with are idToken and accessToken.
- Note that the username/password (ALLOW_USER_PASSWORD_AUTH) based authentication flow is not supported.
- The region, User Pool ID and App Client ID can all be found inside AWS Cognito.
- The claims inside each JWT vary depending on the token type you pass to GetClaims. Please check this link for the official specification and usage of each token.
Check the GoDoc page for more info on what is available inside the package.
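import (
	"log"
	"net/http"

	"github.com/bruno-chavez/gojwtcognito"
)

// Package-level checker shared by the handlers below.
var checker = gojwtcognito.NewCognitoChecker(
	"us-east-1",                  // region
	"us-east-1_apwePSzx",         // user pool id
	"3b1fh12qzvmgjuio563qtm678u", // client app id
)

func ExampleHandler(w http.ResponseWriter, r *http.Request) {
	// Reject the request unless both tokens validate.
	err := checker.ValidateTokenFromHeader(r, "accessToken")
	if err != nil {
		log.Println(err)
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	err = checker.ValidateTokenFromHeader(r, "idToken")
	if err != nil {
		log.Println(err)
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
}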
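claims is a map of type map[string]interface{}

func ExampleHandler(w http.ResponseWriter, r *http.Request) {
	claims, err := checker.GetClaims(r, "idToken")
	if err != nil {
		log.Println(err)
		// Do not read claims when GetClaims returned an error.
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	log.Println(claims["cognito:username"])
}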
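groups is a slice of type []string

func ExampleHandler(w http.ResponseWriter, r *http.Request) {
	groups, err := checker.GetGroups(r)
	if err != nil {
		log.Println(err)
		// Do not use groups when GetGroups returned an error.
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	for _, v := range groups {
		fmt.Println(v)
	}
}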
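The handlers above check tokens and read groups separately. The following added example (not part of the package or its README) combines both into one middleware that fails closed. TokenChecker, RequireGroup, stubChecker and StatusFor are hypothetical names, and the method signatures are inferred from the calls shown above.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"slices"
)

// TokenChecker: signatures inferred from the README's calls (assumption).
type TokenChecker interface {
	ValidateTokenFromHeader(r *http.Request, tokenType string) error
	GetGroups(r *http.Request) ([]string, error)
}

// RequireGroup (hypothetical): 401 on an invalid accessToken, 403 when not in group.
func RequireGroup(c TokenChecker, group string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := c.ValidateTokenFromHeader(r, "accessToken"); err != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		// Fail closed: an error from GetGroups is treated as "not a member".
		if groups, err := c.GetGroups(r); err != nil || !slices.Contains(groups, group) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// stubChecker is a constructed stand-in so the example runs without AWS.
type stubChecker struct{ tokenErr error; groups []string }

func (s stubChecker) ValidateTokenFromHeader(*http.Request, string) error { return s.tokenErr }
func (s stubChecker) GetGroups(*http.Request) ([]string, error)           { return s.groups, nil }

// StatusFor sends one constructed request through RequireGroup.
func StatusFor(c TokenChecker, group string) int {
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // implicit 200
	RequireGroup(c, group, ok).ServeHTTP(rec, httptest.NewRequest("GET", "/admin", nil))
	return rec.Code
}

func main() {
	fmt.Println(StatusFor(stubChecker{tokenErr: http.ErrNoCookie}, "admin")) // 401
	fmt.Println(StatusFor(stubChecker{groups: []string{"users"}}, "admin"))  // 403
	fmt.Println(StatusFor(stubChecker{groups: []string{"admin"}}, "admin"))  // 200
}
```

If the checker returned by NewCognitoChecker has these method signatures, it can be passed as the first argument in place of stubChecker.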
Found a bug or an error? Post it in the issue tracker.
Want to add an awesome new feature? Fork this repository and add your feature, then send a pull request.
The MIT License (MIT) Copyright (c) 2020 Bruno Chavez