I've set up the user pool in Cognito and got the JWT token after authenticating the created user via the Cognito JS SDK. When I try to invoke the AssumeRoleWithWebIdentity API it returns an error; below is the sample API call.
https://sts.amazonaws.com/
?Action=AssumeRoleWithWebIdentity
&DurationSeconds=3600
&RoleSessionName=app1
&RoleArn=arn:aws:iam::id:role/_cross_account_role
&WebIdentityToken=jwtAccessToken
&Version=2011-06-15
The API response:
<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>InvalidIdentityToken</Code>
<Message>Missing a required claim: aud</Message>
</Error>
<RequestId>c01780d7-3705-11e8-80ef-533aa2d4f58f</RequestId>
</ErrorResponse>
It would be great if I could know the root cause of this issue.
Authenticating with tokens: When a user signs into your app, Amazon Cognito verifies the login information. If the login is successful, Amazon Cognito creates a session and returns an ID, access, and refresh token for the authenticated user.
Open the Postman application (here is the link to download the Postman application). Go to the Authorization tab. From the dropdown, select the type OAuth 2.0 and click Get access token.
To use the refresh token to get new ID and access tokens with the user pool API, use the AdminInitiateAuth or InitiateAuth API operations. Pass REFRESH_TOKEN_AUTH for the AuthFlow parameter.
To verify the signature of an Amazon Cognito JWT, search for the key with a key ID that matches the key ID of the JWT, then use libraries to decode the token and verify the signature. Be sure to also verify that: The token is not expired.
When the user is authenticated it gives an access token and ID token.
The issue occurs when you try to use the access token instead of the ID token.
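As an added illustration of the answer above (example code, not from the question or the answerer): a small Node.js pre-flight check that decodes a Cognito JWT's payload and reports whether it is the ID token (which carries `aud`, the app client ID) or the access token (which carries `client_id` and no `aud`, so STS rejects it with "Missing a required claim: aud"). The sample tokens are constructed inline with a dummy signature; the helper function names and the client ID value are assumptions, and the check does not verify signatures, which STS does itself.

```javascript
// Added example, not code from the original page. Inspects a Cognito user-pool JWT
// before it is passed as WebIdentityToken to AssumeRoleWithWebIdentity.
// It decodes only; it does NOT verify the signature (STS does that).

function base64UrlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function base64UrlDecode(str) {
  const pad = '='.repeat((4 - (str.length % 4)) % 4);
  return Buffer.from(str.replace(/-/g, '+').replace(/_/g, '/') + pad, 'base64').toString('utf8');
}

// Decode the payload (second segment) of a compact JWT without verifying it.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Classify a Cognito token for use as a WebIdentityToken. Returns { ok, tokenUse, reason }.
function checkWebIdentityToken(jwt) {
  const claims = decodePayload(jwt);
  const tokenUse = claims.token_use;
  if (tokenUse === 'access' || !('aud' in claims)) {
    // This is the situation in the question: access tokens carry client_id, not aud.
    return { ok: false, tokenUse, reason: 'no aud claim (client_id=' + claims.client_id + '); use the ID token' };
  }
  if (tokenUse !== 'id') {
    return { ok: false, tokenUse, reason: 'unexpected token_use: ' + tokenUse };
  }
  if (claims.exp !== undefined && claims.exp * 1000 < Date.now()) {
    return { ok: false, tokenUse, reason: 'token expired' };
  }
  return { ok: true, tokenUse, reason: 'ID token with aud=' + claims.aud };
}

// Constructed sample tokens with the claim shapes Cognito issues; the signature segment is a dummy.
const header = base64UrlEncode({ alg: 'RS256', kid: 'example-kid' });
const farFuture = 4102444800; // 2100-01-01 UTC, so the samples do not expire
const SAMPLE_ID_TOKEN = header + '.' +
  base64UrlEncode({ sub: 'user-1', aud: 'exampleclientid', token_use: 'id', exp: farFuture }) + '.sig';
const SAMPLE_ACCESS_TOKEN = header + '.' +
  base64UrlEncode({ sub: 'user-1', client_id: 'exampleclientid', token_use: 'access', exp: farFuture }) + '.sig';

console.log(checkWebIdentityToken(SAMPLE_ID_TOKEN));      // ok: true
console.log(checkWebIdentityToken(SAMPLE_ACCESS_TOKEN));  // ok: false, no aud claim
```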