Assuming you have the following:

- The JWT token
- The public certificate of the provider

you can use the jwt package to validate the signature. Install it with pip install jwt.

Once you have the package installed, you can validate the token with the jwt.decode() function. It takes three arguments: the token, the key used to sign it (in this case, the provider's public certificate), and an algorithm. The last argument is optional, but I recommend specifying it anyway because otherwise the function defaults to using the insecure HS256 algorithm. For AWS Cognito, you should use RS256.

Putting it all together, the code would look something like this:
```python
import jwt

token = 'your-token-here'
# PEM-encoded public certificate/key published by the provider
key = 'your-provider-public-certificate-here'
# Pin the accepted algorithm so the library never falls back to a weaker one
decoded = jwt.decode(token, key, algorithms=['RS256'])
```
If the token is valid, decoded will be a dictionary containing the claims made in the token. If the token is invalid, jwt.decode() will raise an InvalidSignatureError exception.

For more information, see the jwt package documentation: https://jwt.io/
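A fuller version of the same check, added here as an example and not taken from the original answer: it assumes PyJWT 2.x and the cryptography package are installed, generates a throwaway RSA key pair to stand in for the provider's key, and shows that with the algorithm pinned to RS256 and the audience and issuer checked, tokens that are unsigned (alg=none), signed with a different key, or expired are all rejected. The issuer, audience and claim values are constructed placeholders.

```python
import time
import jwt
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

ISSUER = "https://issuer.example.invalid"  # constructed placeholder
AUDIENCE = "my-app-client-id"              # constructed placeholder


def make_keypair():
    """Return (private_key, public_key_pem); stands in for the provider's key."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    public_pem = private_key.public_key().public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return private_key, public_pem


def issue_token(private_key, claims, algorithm="RS256"):
    """Sign claims as a provider would (used here only to build test input)."""
    return jwt.encode(claims, private_key, algorithm=algorithm)


def verify_token(token, public_pem):
    """Return the claims if the token checks out, otherwise None.

    Pinning algorithms=["RS256"] means an alg=none or HS256 header is refused
    before any signature check; audience and issuer are verified as well.
    """
    try:
        return jwt.decode(token, public_pem, algorithms=["RS256"],
                          audience=AUDIENCE, issuer=ISSUER)
    except jwt.InvalidTokenError:  # covers bad signature, alg, aud, iss, exp
        return None


def demo():
    private_key, public_pem = make_keypair()
    now = int(time.time())
    claims = {"sub": "user-123", "iss": ISSUER, "aud": AUDIENCE,
              "iat": now, "exp": now + 300}
    good = issue_token(private_key, claims)
    other_key, _ = make_keypair()
    forged = issue_token(other_key, claims)                # wrong signing key
    unsigned = jwt.encode(claims, None, algorithm="none")  # alg=none header
    expired = issue_token(private_key, {**claims, "exp": now - 1})
    return {"good": verify_token(good, public_pem),
            "forged": verify_token(forged, public_pem),
            "unsigned": verify_token(unsigned, public_pem),
            "expired": verify_token(expired, public_pem)}
```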