jwtcognito

v1.3.0
Published: Oct 25, 2019 License: MIT Imports: 7 Imported by: 0

README

jwtcognito is a small, easy-to-use package that parses request headers for JWTs issued by AWS Cognito, either to check that they are valid or to read the information in them.

Install

$ go get github.com/bruno-chavez/jwtcognito

Usage

Import the package, build a CognitoConfig struct and get the set of JWKs with GetJWK. From here you can validate tokens, get claims or groups, depending on your needs.

Usage Tips

  • You only need to build the CognitoConfig struct and call the GetJWK function ONCE; you can then pass both to other parts of your code that get called multiple times, such as server handlers.

  • The region, User Pool ID and App Client can all be found inside AWS Cognito.

  • The supported tokens that Cognito uses for authentication are either accessToken or idToken.

  • If you need to check user data such as emails, names or associated groups, idToken is what you are looking for.

  • The claims inside each JWT vary depending on the token type.
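The last tip matters for validation: an accessToken carries the app client ID in `client_id`, while an idToken carries it in `aud`, and each states its kind in `token_use`. The block below is an added example, not jwtcognito's own code; `Config` and `CheckCognitoClaims` are hypothetical names, the claim values are constructed, and it assumes the signature was already verified and the claims were decoded JSON-style (strings, `float64` for `exp`).

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Config is a local stand-in with the same fields as the package's CognitoConfig.
type Config struct{ Region, UserPool, AppClient string }

// CheckCognitoClaims (hypothetical helper) applies Cognito's claim checks to a
// decoded claim set. It assumes JSON-style values: strings, and float64 for exp.
func CheckCognitoClaims(claims map[string]interface{}, cfg Config, tokenType string, now time.Time) error {
	wantIss := fmt.Sprintf("https://cognito-idp.%s.amazonaws.com/%s", cfg.Region, cfg.UserPool)
	if iss, _ := claims["iss"].(string); iss != wantIss {
		return errors.New("issuer is not the configured user pool")
	}
	exp, ok := claims["exp"].(float64)
	if !ok || now.Unix() >= int64(exp) {
		return errors.New("exp missing or in the past")
	}
	// The app client lives in a different claim for each token type.
	var wantUse, clientClaim string
	switch tokenType {
	case "accessToken":
		wantUse, clientClaim = "access", "client_id"
	case "idToken":
		wantUse, clientClaim = "id", "aud"
	default:
		return errors.New("unsupported token type")
	}
	if use, _ := claims["token_use"].(string); use != wantUse {
		return errors.New("token_use does not match the expected token type")
	}
	if client, _ := claims[clientClaim].(string); client != cfg.AppClient {
		return errors.New("token was issued to a different app client")
	}
	return nil
}

func main() {
	cfg := Config{"us-east-1", "us-east-1_EXAMPLE", "exampleclientid"} // constructed values
	now := time.Unix(1700000000, 0)
	access := map[string]interface{}{ // constructed access-token claims
		"iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
		"exp": float64(1700003600), "token_use": "access", "client_id": "exampleclientid",
	}
	fmt.Println(CheckCognitoClaims(access, cfg, "accessToken", now)) // accepted
	fmt.Println(CheckCognitoClaims(access, cfg, "idToken", now))     // rejected: wrong token_use
}
```

Checking `token_use` is what stops an idToken from being accepted where an accessToken is required, and the reverse.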

Documentation

Check the GoDoc page for more info on what is available inside the package.

Examples

Using TokenInfo and GetJWK

For example, you can declare the CognitoConfig struct and call GetJWK at package level, then use both inside server handlers.


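import (
    "log"
    "net/http"

    "github.com/bruno-chavez/jwtcognito"
)

var cognitoConfig = jwtcognito.CognitoConfig{
    Region:    "us-east-1",
    UserPool:  "us-east-1_apwePSzx",
    AppClient: "3b1fh12qzvmgjuio563qtm678u",
}

// Fetched once at package initialization and shared by every handler.
// The error is discarded here for brevity; check it in production code.
var jwks, _ = jwtcognito.GetJWK(cognitoConfig)

func verifyUser(w http.ResponseWriter, r *http.Request) {

    // Reject the request unless the header carries a valid accessToken.
    err := jwtcognito.ValidateTokenFromHeader(r, jwks, cognitoConfig, "accessToken")
    if err != nil {
        log.Println(err)
        http.Error(w, "unauthorized", http.StatusUnauthorized)
        return
    }

    // The same check for the idToken.
    err = jwtcognito.ValidateTokenFromHeader(r, jwks, cognitoConfig, "idToken")
    if err != nil {
        log.Println(err)
        http.Error(w, "unauthorized", http.StatusUnauthorized)
        return
    }

}

Validating an accessToken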

cognitoConfig := jwtcognito.CognitoConfig{
    Region:    "us-east-1",
    UserPool:  "us-east-1_apwePSzx",
    AppClient: "3b1fh12qzvmgjuio563qtm678u",
}

jwks, err := jwtcognito.GetJWK(cognitoConfig)
if err != nil {
    log.Println(err)
}

// r is the incoming *http.Request; err is reused here, not redeclared.
err = jwtcognito.ValidateTokenFromHeader(r, jwks, cognitoConfig, "accessToken")
if err != nil {
    log.Println(err)
}

Looking up a specific claim

claims is a map of type map[string]interface{}

cognitoConfig := jwtcognito.CognitoConfig{
    Region:    "us-east-1",
    UserPool:  "us-east-1_apwePSzx",
    AppClient: "3b1fh12qzvmgjuio563qtm678u",
}

jwks, err := jwtcognito.GetJWK(cognitoConfig)
if err != nil {
    log.Println(err)
}

// r is the incoming *http.Request.
claims, err := jwtcognito.GetClaims(r, jwks, cognitoConfig, "idToken")
if err != nil {
    log.Println(err)
}

log.Println(claims["cognito:username"])

Looking up all the groups of a user

groups is a slice of type []string

cognitoConfig := jwtcognito.CognitoConfig{
    Region:    "us-east-1",
    UserPool:  "us-east-1_apwePSzx",
    AppClient: "3b1fh12qzvmgjuio563qtm678u",
}

jwks, err := jwtcognito.GetJWK(cognitoConfig)
if err != nil {
    log.Println(err)
}

// GetGroups takes the app client ID as a string (see its signature in the
// documentation below), not the whole CognitoConfig.
groups, err := jwtcognito.GetGroups(r, jwks, cognitoConfig.AppClient)
if err != nil {
    log.Println(err)
}

for _, v := range groups {
    fmt.Println(v)
}

Contribute

Found a bug or an error? Post it in the issue tracker.

Want to add an awesome new feature? Fork this repository and add your feature, then send a pull request.

License

The MIT License (MIT) Copyright (c) 2019 Bruno Chavez

Documentation

Overview

Package jwtcognito is an easy to use, small package designed to parse request headers and look for JWTs provided by AWS Cognito to either check if they are valid or get some data from them.

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetClaims

func GetClaims(request *http.Request, jwks *jwk.Set, info CognitoConfig, tokenType string) (map[string]interface{}, error)

GetClaims parses a request header and looks for a specific JWT from AWS Cognito. Returns a map with all the claims in it or an error if it is an invalid token.

func GetGroups

func GetGroups(request *http.Request, jwks *jwk.Set, appClient string) ([]string, error)

GetGroups parses a request header and looks for a specific JWT from AWS Cognito. Returns a slice with all the groups of a user or an error if it is an invalid token.

func GetJWK

func GetJWK(info CognitoConfig) (*jwk.Set, error)

GetJWK is used in conjunction with the other functions to parse tokens. It fetches and parses the JWK in order to build the RSA key needed to decode a JWT.

func ValidateTokenFromHeader added in v1.3.0

func ValidateTokenFromHeader(request *http.Request, jwks *jwk.Set, info CognitoConfig, tokenType string) error

ValidateTokenFromHeader parses a request header and looks for a specific JWT from AWS Cognito. Returns an error if it is not valid or nil if it is.

Types

type CognitoConfig added in v1.3.0

type CognitoConfig struct {
	Region    string
	UserPool  string
	AppClient string
}

CognitoConfig is used for passing necessary information to the API of the package. Contains information about your AWS Cognito configuration.
