Decode and verify Amazon Cognito JWT tokens
Project description
Decode and verify Amazon Cognito JWT tokens
Note: tested on Python >= 3.6, compatible with PEP-492 (async/await coroutines syntax)
Installation
Package works in two modes: synchronous - requests as http-client and asynchronous - aiohttp as http-client. In order to avoid installing unnecessary dependencies I separated installation flow into two modes:
- Async mode -
pip install cognitojwt[async]
- Sync mode -
pip install cognitojwt[sync]
Usage
import cognitojwt
id_token = '<YOUR_TOKEN_HERE>'
REGION = '**-****-*'
USERPOOL_ID = 'eu-west-1_*******'
APP_CLIENT_ID = '1p3*********'
# Sync mode
verified_claims: dict = cognitojwt.decode(
id_token,
REGION,
USERPOOL_ID,
app_client_id=APP_CLIENT_ID, # Optional
testmode=True # Disable token expiration check for testing purposes
)
# Async mode
verified_claims: dict = await cognitojwt.decode_async(
id_token,
REGION,
USERPOOL_ID,
app_client_id=APP_CLIENT_ID, # Optional
testmode=True # Disable token expiration check for testing purposes
)
Note: if the application is deployed inside a private vpc without internet gateway, the application will not be able to download the JWKS file.
In this case set the AWS_COGNITO_JWSK_PATH
environment variable referencing the absolute or relative path of the jwks.json file.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cognitojwt-1.2.2.tar.gz
(3.7 kB
view hashes)
Built Distribution
Close
Hashes for cognitojwt-1.2.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 86bc77308f40cd5c2a05b3772d2af966aaf142cce659e937b64048cd9e036644 |
|
MD5 | 3e8deee828f8b8860573f28ba1682694 |
|
BLAKE2b-256 | b7aa1ac551723ce2ec69cd68d6c7c4c3ab0d374c72c11b1eaba56c610e62449f |