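Assuming you have the following:
- The JWT token
- The public certificate of the provider

you can use the jwt package (published on PyPI as PyJWT) to validate the signature. Install it with pip install "pyjwt[crypto]"; the crypto extra pulls in the cryptography library that RS256 verification needs.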
Once you have the package installed, you can validate the token with the jwt.decode() function. It takes three arguments: the token, the key used to sign it (in this case, the provider's public certificate), and an algorithm. The last argument is optional, but I recommend specifying it anyway because otherwise the function defaults to using the insecure HS256 algorithm. For AWS Cognito, you should use
Putting it all together, the code would look something like this:
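import jwt

token = 'your-token-here'  # the encoded JWT as received
key = 'your-provider-public-certificate-here'  # the provider's public certificate
# Accept only RS256, whatever the token header says
decoded = jwt.decode(token, key, algorithms=['RS256'])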
If the token is valid, decoded will be a dictionary containing the claims made in the token. If the token is invalid, jwt.decode() will raise an
For more information, see the jwt package documentation: https://jwt.io/
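The same jwt.decode() check extended with issuer, audience and expiry validation and a label for each failure, as an added example that is not part of the original page. It assumes PyJWT and cryptography are installed; the issuer, the audience, the helper names and the throwaway RSA keys generated at run time are constructed for the demo.

```python
import time
import jwt  # PyJWT
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

# Constructed placeholders; use your provider's issuer URL and your app's client id.
ISSUER = "https://idp.example.test/pool-placeholder"
AUDIENCE = "example-client-id"

def verify_token(token, public_key_pem):
    """Return the claims, or raise a jwt.InvalidTokenError subclass."""
    return jwt.decode(
        token, public_key_pem,
        algorithms=["RS256"],  # pinned: the token header does not get to choose
        issuer=ISSUER, audience=AUDIENCE,
        options={"require": ["exp", "iss", "aud"]},
    )

def classify(token, public_key_pem):
    """Map each failure to a label so the rejection reason can be logged."""
    try:
        verify_token(token, public_key_pem)
        return "valid"
    except jwt.ExpiredSignatureError:
        return "expired"
    except jwt.InvalidAlgorithmError:
        return "wrong-algorithm"
    except jwt.InvalidSignatureError:
        return "bad-signature"
    except jwt.InvalidTokenError as exc:  # base class: audience, issuer, malformed
        return "rejected: " + type(exc).__name__

def demo():
    """Sign constructed tokens with throwaway keys and classify each one."""
    signer = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    other = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pub = signer.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
    c = {"sub": "user-1", "iss": ISSUER, "aud": AUDIENCE, "exp": int(time.time()) + 300}
    rs = lambda claims, k: jwt.encode(claims, k, algorithm="RS256")
    return {
        "good": classify(rs(c, signer), pub),
        "other_key": classify(rs(c, other), pub),
        "expired": classify(rs({**c, "exp": 1}, signer), pub),
        "wrong_aud": classify(rs({**c, "aud": "someone-else"}, signer), pub),
        "hs256": classify(jwt.encode(c, "k" * 32, algorithm="HS256"), pub),
    }
```

Catching the specific exception classes before jwt.InvalidTokenError keeps the logged reason precise while still rejecting anything the library flags.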