Problem description
I am trying out the log in function for the Cognito User Pool for my Web App. I was able to obtain the Token but I am not sure where to find the secret to decode it. I've read in one of the posts that the secret is the secret Id for the App in the User Pool. However, for the JavaScript SDK, the secret id is blank. Does this mean my secret should also be blank? I tried this but I got a message that says "Error: PEM_read_bio_PUBKEY failed".
Recommended answer
To correct the other answer: RS256 is an asymmetric algorithm and requires a public and a private key. Also see RS256 vs HS256: What's the difference? and https://en.wikipedia.org/wiki/RSA_(cryptosystem).
What is correct is that for verifying the JWT you do not need the private key that was used to sign it, only the public key made available by AWS under https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json.
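As an added example (not part of the original answer), this Node.js sketch verifies an RS256 token against a JWKS document using only the public key, with the algorithm pinned and the key chosen by `kid`. A locally generated key pair stands in for the user pool's signing key, and `ISSUER`, `JWKS`, `signSample` and `verifyJwt` are hypothetical names with constructed values; in a real deployment the JWKS is fetched from the URL above.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins: a local RSA key pair plays the role of the pool's
// signing key; the region and pool id in ISSUER are placeholders.
const ISSUER = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE';
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Same shape as the document served at {ISSUER}/.well-known/jwks.json
const JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'test-key-1', alg: 'RS256', use: 'sig' }] };

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Test helper only: real tokens are signed by the issuer, never by the client.
function signSample(claims, header = { alg: 'RS256', kid: 'test-key-1' }) {
  const input = `${b64u(header)}.${b64u(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

function verifyJwt(token, jwks, issuer, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token must not choose it (e.g. "none" or HS256).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // Select the public key by the key id named in the token header.
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Claims are trusted only after the signature has been checked.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Demo: a freshly signed sample token verifies with the public key alone.
const demo = signSample({ iss: ISSUER, sub: 'user-1', exp: Math.floor(Date.now() / 1000) + 300 });
console.log(verifyJwt(demo, JWKS, ISSUER).sub);
```

A production verifier for Cognito tokens would also check `token_use` and the app client id (`aud` on ID tokens, `client_id` on access tokens).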