Why does my JWT Token from Amazon Cognito have an invalid signature?

I am working on Amazon Cognito. I am trying to decode this token at https://jwt.io

eyJraWQiOiJRaGF4STZGbXB5Y3Z3dUV5TUZJUk9FTm5MTDJKTiswMzVVak5MNTEycjZvPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhYjI0YzExYS1mNjZhLTRjMjktOWVhNy0yMWQwMTc2NmZlN2IiLCJhdWQiOiIxY2ZxNjJubjNlZmNpdWFpYnFldmlxbHU4OSIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNDk0Njg1MjQwLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9oM3F4WGVPQzQiLCJjb2duaXRvOnVzZXJuYW1lIjoidGVzdHNhbmRlZXAxIiwiZXhwIjoxNDk0Njg4ODQwLCJpYXQiOjE0OTQ2ODUyNDAsImVtYWlsIjoic2FuZGVlcC5qYWtrYXJhanVAZm9jYWxjeG0uY29tIn0.ZRsYZZwxUnqL4FfuWhD-w8xQWoQQkuj4rYCYPqQehcq1SMe0Vww2GIY4-sr9RgwjVxhOo4WqIQT8LzSn_tFBF504h5xGpp5fD37rIJZ49rC3naH7tC0nHwKSswi6C6x8BlIPi4QAnlP49SZMoIEPEnQig9F6wzlDfb-cjw0R2q61Em-e0cpBM8lbjxCrgBF2-PbXFqwEfncEUkwb93qZHo4Wk3pYH3d-9aXzZg6Xc4CNZfehAUZ7qknq2qtaSI3tH-EXGYmytjoVwcF5jIvej2OATrQf_JbfBNSxC96oA_CglWVKvp2rPrqlZzDCd0Se68TjZvKSbW7XtKX_DzI5ww

It says the signature is invalid. I have tried many tokens and I always get this.

Why does it report that the signature is invalid?

Sandeep Kumar Jakkaraju asked May 13 '17 14:05


1 Answer

@jps is correct. You need to download the JWKs for your Cognito User Pool before you can verify the signature of the JWT.

  1. Download your Cognito User Pool's JWK file: https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json. For your User Pool this is: https://cognito-idp.us-east-1.amazonaws.com/us-east-1_h3qxXeOC4/.well-known/jwks.json
  2. Find your Identity's kid value. The value from the token you provided is: "QhaxI6FmpycvwuEyMFIROENnLL2JN+035UjNL512r6o=".
  3. You then need to generate the Public Key that matches the data provided from the JWKs file, that matches your kid key. This is blogged about here: https://aws.amazon.com/blogs/mobile/integrating-amazon-cognito-user-pools-with-api-gateway/ (look further down the blog post for how to generate the Public Key).
David Kelley answered Oct 24 '22 07:10