Why does my Amazon Cognito JWT token have an invalid signature?
I am working on Amazon cognito. I am trying to decode from https://jwt.io
eyJraWQiOiJRaGF4STZGbXB5Y3Z3dUV5TUZJUk9FTm5MTDJKTiswMzVVak5MNTEycjZvPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhYjI0YzExYS1mNjZhLTRjMjktOWVhNy0yMWQwMTc2NmZlN2IiLCJhdWQiOiIxY2ZxNjJubjNlZmNpdWFpYnFldmlxbHU4OSIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNDk0Njg1MjQwLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9oM3F4WGVPQzQiLCJjb2duaXRvOnVzZXJuYW1lIjoidGVzdHNhbmRlZXAxIiwiZXhwIjoxNDk0Njg4ODQwLCJpYXQiOjE0OTQ2ODUyNDAsImVtYWlsIjoic2FuZGVlcC5qYWtrYXJhanVAZm9jYWxjeG0uY29tIn0.ZRsYZZwxUnqL4FfuWhD-w8xQWoQQkuj4rYCYPqQehcq1SMe0Vww2GIY4-sr9RgwjVxhOo4WqIQT8LzSn_tFBF504h5xGpp5fD37rIJZ49rC3naH7tC0nHwKSswi6C6x8BlIPi4QAnlP49SZMoIEPEnQig9F6wzlDfb-cjw0R2q61Em-e0cpBM8lbjxCrgBF2-PbXFqwEfncEUkwb93qZHo4Wk3pYH3d-9aXzZg6Xc4CNZfehAUZ7qknq2qtaSI3tH-EXGYmytjoVwcF5jIvej2OATrQf_JbfBNSxC96oA_CglWVKvp2rPrqlZzDCd0Se68TjZvKSbW7XtKX_DzI5ww
He says the signature is invalid. I have tried many tokens, I always get this.
Why does he tell you that the signature is invalid?
source to share
@jps is correct. You need to download the JWK for your Cognito user pool before you can verify the JWT signature.
- Download file JWK the User Pools Cognito:
https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json
. This is for your user pool: https://cognito-idp.us-east-1.amazonaws.com/us-east-1_h3qxXeOC4/.well-known/jwks.json - Find the value for Identities
kid
. The value of the token you provided:"QhaxI6FmpycvwuEyMFIROENnLL2JN+035UjNL512r6o="
. - Then you need to generate a public key that matches the data from the JWKs file that matches your key
kid
. This is posted on the blog: https://aws.amazon.com/blogs/mobile/integrating-amazon-cognito-user-pools-with-api-gateway/ (see later on the blog for how to generate a public key).
source to share