小编zla*_*zer的帖子

如何正确验证空受众的 Cognito JWT 并在之后进行身份验证？

我将 aps.net core 与 JWT 身份验证结合使用，发现 aws cognito 返回错误的令牌。相反，aud 它会在访问令牌中返回 client_id。我使用 Nuget 库

AWSSDK.核心
AWSSDK.CognitoIdentityProvider
Amazon.Extensions.CognitoAuthentication

结果是一样的。例如：访问令牌是：

{
  "sub": "9ed87b45-da04-4fda-bc74-XXXXXXXXXXXX",
  "event_id": "469880d0-8b17-417a-88d7-XXXXXXXXXXXX",
  "token_use": "access",
  "scope": "aws.cognito.signin.user.admin",
  "auth_time": 1583252488,
  "iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_XXXXXXXX",
  "exp": 1583256088,
  "iat": 1583252488,
  "jti": "c1ca9561-51ce-4b57-9f51-3355363fb4f6",
  "client_id": "AppClientIDXXXXXXXXXXXXX",
  "username": "testname"
}

Run Code Online (Sandbox Code Playgroud)

毕竟我发现 id 令牌返回“aud”

{
  "sub": "9ed87b45-da04-4fda-bc74-XXXXXXXXXXXX",
  "aud": "AppClientIDXXXXXXXXXXXXX",
  "email_verified": true,
  "event_id": "469880d0-8b17-417a-88d7-XXXXXXXXXXXX",
  "token_use": "id",
  "auth_time": 1583252488,
  "iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_XXXXXXXX",
  "cognito:username": "testname",
  "exp": 1583256088,
  "iat": 1583252488,
  "email": "testname@mail.no"
}

Run Code Online (Sandbox Code Playgroud)

我使用了两种添加 jwt 身份验证的方法。这对我不起作用。示例1：

{
  "sub": "9ed87b45-da04-4fda-bc74-XXXXXXXXXXXX",
  "event_id": "469880d0-8b17-417a-88d7-XXXXXXXXXXXX",
  "token_use": "access",
  "scope": "aws.cognito.signin.user.admin", …

Run Code Online (Sandbox Code Playgroud)

jwt amazon-cognito asp.net-core

zla*_*zer

2020 03-04

5
推荐指数

1
解决办法

2673
查看次数

标签统计

amazon-cognito ×1

asp.net-core ×1

jwt ×1

如何正确验证空受众的 Cognito JWT 并在之后进行身份验证？

标签 统计

小编zla_zer的帖子

标签统计