Decode and verify Amazon Cognito JWT tokens
Project description
Decode and verify Amazon Cognito JWT tokens
Note: tested on Python >= 3.6, compatible with PEP-492 (async/await coroutines syntax)
Installation
Package works in two modes: synchronous - requests as http-client and asynchronous - aiohttp as http-client. In order to avoid installing unnecessary dependencies I separated installation flow into two modes:
- Async mode -
pip install cognitojwt[async]
- Sync mode -
pip install cognitojwt[sync]
Usage
import cognitojwt
id_token = '<YOUR_TOKEN_HERE>'
REGION = '**-****-*'
USERPOOL_ID = 'eu-west-1_*******'
APP_CLIENT_ID = '1p3*********'
# Sync mode
verified_claims: dict = cognitojwt.decode(
id_token,
REGION,
USERPOOL_ID,
app_client_id=APP_CLIENT_ID, # Optional
testmode=True # Disable token expiration check for testing purposes
)
# Async mode
verified_claims: dict = await cognitojwt.decode_async(
id_token,
REGION,
USERPOOL_ID,
app_client_id=APP_CLIENT_ID, # Optional
testmode=True # Disable token expiration check for testing purposes
)
Note: if the application is deployed inside a private vpc without internet gateway, the application will not be able to download the JWKS file.
In this case set the AWS_COGNITO_JWSK_PATH
environment variable referencing the absolute or relative path of the jwks.json file.
This project was originally forked from https://github.com/borisrozumnuk/cognitojwt
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
clp-cognitojwt-1.3.1.tar.gz
(3.6 kB
view hashes)
Built Distribution
Close
Hashes for clp_cognitojwt-1.3.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 913fb3f755d052ff9db4b3938f4156caafccae0dafb29f9e156724bee4d1c91c |
|
MD5 | 7c987c277f2ccab7c8de5bad187c08aa |
|
BLAKE2b-256 | 7c46112e684cd79b6c2ffb8356cd9be9ca329c5321d9ca3eb1b2dec282961904 |