Decode and verify Amazon Cognito JWT tokens
Project description
Decode and verify Amazon Cognito JWT tokens
Note: tested on Python >= 3.6, compatible with PEP-492 (async/await coroutines syntax)
Installation
Package works in two modes: synchronous - requests as http-client and asynchronous - aiohttp as http-client. In order to avoid installing unnecessary dependencies I separated installation flow into two modes:
- Async mode -
pip install cognitojwt[async]
- Sync mode -
pip install cognitojwt[sync]
Usage
import cognitojwt
id_token = '<YOUR_TOKEN_HERE>'
REGION = '**-****-*'
USERPOOL_ID = 'eu-west-1_*******'
APP_CLIENT_ID = '1p3*********'
# Sync mode
verified_claims: dict = cognitojwt.decode(
id_token,
REGION,
USERPOOL_ID,
app_client_id=APP_CLIENT_ID, # Optional
testmode=True # Disable token expiration check for testing purposes
)
# Async mode
verified_claims: dict = await cognitojwt.decode_async(
id_token,
REGION,
USERPOOL_ID,
app_client_id=APP_CLIENT_ID, # Optional
testmode=True # Disable token expiration check for testing purposes
)
Note: if the application is deployed inside a private vpc without internet gateway, the application will not be able to download the JWKS file.
In this case set the AWS_COGNITO_JWKS_PATH
environment variable referencing the absolute or relative path of the jwks.json file.
It is possible to allow multiple app client ids by passing the value as a Container instance such as a list or tuple:
ALLOWED_CLIENT_IDS = ('client_one', 'client_two')
verified_claims: dict = cognitojwt.decode(
id_token,
REGION,
USERPOOL_ID,
app_client_id=ALLOWED_CLIENT_IDS,
testmode=True # Disable token expiration check for testing purposes
)
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for cognitojwt-1.4.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8ee189f82289d140dc750c91e8772436b64b94d071507ace42efc22c525f42ce |
|
MD5 | 186c24f3d0fe1592c63f2080e51b39e2 |
|
BLAKE2b-256 | a56997faafdc4f1900fa1b525cedae0f98aa30b0bb086d076f8d66c68a18b1b2 |