Decode and verify Amazon Cognito JWT tokens
Project description
Decode and verify Amazon Cognito JWT tokens
Note: tested on Python >= 3.6, compatible with PEP-492 (async/await coroutines syntax)
Installation
Package works in two modes: synchronous - requests as http-client and asynchronous - aiohttp as http-client. In order to avoid installing unnecessary dependencies I separated installation flow into two modes:
- Async mode -
pip install cognitojwt[async] - Sync mode -
pip install cognitojwt[sync]
Usage
import cognitojwt
id_token = '<YOUR_TOKEN_HERE>'
REGION = '**-****-*'
USERPOOL_ID = 'eu-west-1_*******'
APP_CLIENT_ID = '1p3*********'
# Sync mode
verified_claims: dict = cognitojwt.decode(
id_token,
REGION,
USERPOOL_ID,
app_client_id=APP_CLIENT_ID, # Optional
testmode=True # Disable token expiration check for testing purposes
)
# Async mode
verified_claims: dict = await cognitojwt.decode_async(
id_token,
REGION,
USERPOOL_ID,
app_client_id=APP_CLIENT_ID, # Optional
testmode=True # Disable token expiration check for testing purposes
)
Note: if the application is deployed inside a private vpc without internet gateway, the application will not be able to download the JWKS file.
In this case set the AWS_COGNITO_JWKS_PATH environment variable referencing the absolute or relative path of the jwks.json file.
It is possible to allow multiple app client ids by passing the value as a Container instance such as a list or tuple:
ALLOWED_CLIENT_IDS = ('client_one', 'client_two')
verified_claims: dict = cognitojwt.decode(
id_token,
REGION,
USERPOOL_ID,
app_client_id=ALLOWED_CLIENT_IDS,
testmode=True # Disable token expiration check for testing purposes
)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file cognitojwt-1.4.1.tar.gz.
File metadata
- Download URL: cognitojwt-1.4.1.tar.gz
- Upload date:
- Size: 4.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.5.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.6.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a9f751942517ecf85da9f14674749390aad268e4b0155ef7d133aa50800aa15a |
|
| MD5 | 3d636c07c6b59f0e3e0a28a836df67cf |
|
| BLAKE2b-256 | fc40657173a7216980b6069da6f57b4e657754b726c088e4a1760460c70b7e34 |
File details
Details for the file cognitojwt-1.4.1-py3-none-any.whl.
File metadata
- Download URL: cognitojwt-1.4.1-py3-none-any.whl
- Upload date:
- Size: 6.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.5.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.6.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8ee189f82289d140dc750c91e8772436b64b94d071507ace42efc22c525f42ce |
|
| MD5 | 186c24f3d0fe1592c63f2080e51b39e2 |
|
| BLAKE2b-256 | a56997faafdc4f1900fa1b525cedae0f98aa30b0bb086d076f8d66c68a18b1b2 |
