where can I find the secret key for the JWT from cognito

amazon-web-services amazon-cognito aws-cognito
leo c picture leo c · Jun 30, 2016 · Viewed 16.3k times · Source

I am trying out the log in function for the Cognito User Pool for my Web App. I was able to obtain the Token but I am not sure where to find the secret to decode it. I've read in one of the post that the secret is the secret Id for the App in the User Pool. However, for Javascript SDK, the secret id is blank. Does this mean my secret should also be blank? I tried this but I got a message that says "Error: PEM_read_bio_PUBKEY failed".

Answer

B M picture B M · Jan 11, 2017

To correct the other answer: RS256 is an asymmetric algorithm and requires a public and a private key. Also see RS256 vs HS256: What's the difference? and https://en.wikipedia.org/wiki/RSA_(cryptosystem).

What is correct is that for verifying the JWT you do not need the private key that was used to sign it, only the public key made available by AWS under https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json.

Related questions

How to modify expiry time of the access and identity tokens for AWS Cognito User Pools

I can't find any documentation which explains if and how to modify the expiry time of access and identity tokens for AWS Cognito User Pools. The documentation specifies that by default expires 1h after the emission. Is there a way …

Read More
How to generate access token for an AWS Cognito user?

I' using Cognito user pool for securing my API gateway . Now I would like to make requests to my API using postman but I need to pass in Authorization token as the API is secured. Is there any AWS CLI …

Read More
Cognito hosted UI

I have been looking into setting up a login for a web app that lets clients view data hosted in S3 and found that AWS Cognito has a hosted web UI [link] that handles most of the authentication flow for …

Read More