I am using Cognito in Amazon to authenticate my mobile users. Once they complete the login, Cognito provides a set of tokens; I am using the ID token in my backend. I have followed the steps in the section Using ID Tokens and Access Tokens in your Web APIs on https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html and I am stuck on step 6.
As far as I have seen, I get the modulus and the exponent from Amazon as Strings, and I must build a PublicKey from them to validate the JWT signature.
I don't know how to build the PublicKey using these two String parameters.
I finally found a workaround: there is an example in the AWS forums, https://forums.aws.amazon.com/message.jspa?messageID=728870, but the code is in Kotlin. I just ported it to Java and, after some tests, I finally validated my JWT signature:
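```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier;

// yourModulus / yourExponent: the base64url-encoded modulus and exponent strings
byte[] decodedModulus = Base64.getUrlDecoder().decode(yourModulus);
byte[] decodedExponent = Base64.getUrlDecoder().decode(yourExponent);
BigInteger modulus = new BigInteger(1, decodedModulus);
BigInteger exponent = new BigInteger(1, decodedExponent);
RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(modulus, exponent);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
// parsedToken is the already-parsed JWT whose signature is being checked
boolean verify = parsedToken.verify(verifier);
```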
Hope it helps anyone with the same trouble.