aws-cognito-express

Verification of Access and ID tokens issued by AWS Cognito for Node.js

by Fernando Buccella

Version: 4.0.1 | License: MIT | TypeScript: Not Found

AWS Cognito Express

This module authenticates requests on a Node.js application by verifying the Access and ID tokens issued by AWS Cognito. It implements the AWS Guideline for JWT validation.

Use cases

This module offers an out-of-the-box solution to authenticate requests on an Express.js application by verifying the AWS Cognito JWTs sent in the Authorization header using the Bearer scheme.

It was also designed for maximum flexibility: if you are not using Express.js, you can still use the JWTValidator class and create your custom authentication flow.

In the following picture, we illustrate which part of the authentication flow is covered by this module.

[Figure: Authentication Flow]

Features

The following are the features included in this module:

  • JWT signature verification.
  • JWT claims verification.
    • Verify that the token is not expired.
    • Verify that the audience (aud) claim matches one of the valid audiences provided in the configuration.
    • Verify that the issuer (iss) claim is valid for the configured user pool.
    • Verify that the token_use claim matches one of the valid token uses provided in the configuration.
  • Support for JWKs rotation, as described in the JWT signing key rotation thread.
  • Ability to set custom pems for local testing without the need of creating a User Pool.
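
The checks listed above, written out as an added example with only Node's built-in crypto module. This is not the module's own code and does not use its API; the issuer, client ID, key ID and function names are constructed for illustration, and a locally generated key pair stands in for the user pool's keys.

```javascript
const { generateKeyPairSync, createSign, createVerify } = require('node:crypto');

// Constructed values for local testing; not a real user pool or client.
const CONFIG = { audiences: ['example-client-id'], tokenUses: ['id'],
  issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE' };
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Signs a JWT with a local key, standing in for Cognito in tests.
function signToken(claims, privateKey, kid) {
  const input = `${enc({ alg: 'RS256', kid })}.${enc(claims)}`;
  const sig = createSign('RSA-SHA256').update(input).sign(privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Returns the claims, or throws an Error naming the first failed check.
// `pems` is a Map of key ID -> PEM public key.
function verifyToken(token, pems, config, now = Math.floor(Date.now() / 1000)) {
  const [h, p, s, extra] = String(token).split('.');
  if (!h || !p || !s || extra !== undefined) throw new Error('malformed');
  const header = dec(h);
  // Pin the algorithm; the token header must not choose it.
  if (header.alg !== 'RS256') throw new Error('alg');
  const pem = pems.get(header.kid);
  if (!pem) throw new Error('kid');
  const sig = Buffer.from(s, 'base64url');
  if (!createVerify('RSA-SHA256').update(`${h}.${p}`).verify(pem, sig)) throw new Error('signature');
  // Claims are read only after the signature has been verified.
  const c = dec(p);
  if (typeof c.exp !== 'number' || c.exp <= now) throw new Error('exp');
  if (!config.audiences.includes(c.aud)) throw new Error('aud');
  if (c.iss !== config.issuer) throw new Error('iss');
  if (!config.tokenUses.includes(c.token_use)) throw new Error('token_use');
  return c;
}

// Runs the verifier over constructed tokens and reports each outcome.
function demo(now = 1700000000) {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pems = new Map([['test-kid', publicKey.export({ type: 'spki', format: 'pem' })]]);
  const good = { iss: CONFIG.issuer, aud: 'example-client-id', token_use: 'id', exp: now + 60 };
  const outcome = (claims) => {
    try { verifyToken(signToken(claims, privateKey, 'test-kid'), pems, CONFIG, now); return 'ok'; }
    catch (e) { return e.message; }
  };
  return { good: outcome(good), expired: outcome({ ...good, exp: now - 1 }),
    access: outcome({ ...good, token_use: 'access' }), aud: outcome({ ...good, aud: 'other' }) };
}
```
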

Prerequisites

You will need:

  1. An AWS account. If you don't have one you can sign up here.
  2. A Cognito User Pool configured with at least one client application.
  3. Node.js 14 or above.

Installation

$ npm install --save aws-cognito-express

Responsible disclosure

If you have any security issue to report, contact project maintainers privately. You can find contact information in CONTACT.md.
