Amazon-cognito-identity-js: How do I verify the session token on the back end?

Created on 18 Nov 2016  ·  1 Comment  ·  Source: amazon-archives/amazon-cognito-identity-js

Since all this code is front end, how can I take the session token and verify the user is authenticated? For example, I want to lock down a route.

Is it similar to these? http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html

Or would I be better off not using this library and going with adminInitAuth and keeping everything on my back end?

Most helpful comment

I'm not sure if this is the best way, but here is how I do it.

After a successful login, post the 3 tokens and username to your backend service. Then recreate the session based on those tokens and username. Here's my nodejs code:

const AmazonCognitoIdentity = require('amazon-cognito-identity-js');

// Wrap the raw token strings posted by the client in the library's token classes.
const idToken = new AmazonCognitoIdentity.CognitoIdToken({
    IdToken: req.body.tokens.idToken.jwtToken,
});
const accessToken = new AmazonCognitoIdentity.CognitoAccessToken({
    AccessToken: req.body.tokens.accessToken.jwtToken,
});
const refreshToken = new AmazonCognitoIdentity.CognitoRefreshToken({
    RefreshToken: req.body.tokens.refreshToken.token,
});

// Rebuild the session from the three tokens.
var tokenData = {
    IdToken: idToken,
    RefreshToken: refreshToken,
    AccessToken: accessToken
};

var session = new AmazonCognitoIdentity.CognitoUserSession(tokenData);

var poolData = {
    UserPoolId: '---',
    ClientId: '---',
    IdentityPoolId: '--'
};

var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

var userData = {
    Username: req.body.username,
    Pool: userPool
};

// Attach the rebuilt session to a user object for this username.
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.signInUserSession = session;

// isValid() compares the token expiry times with the current time.
console.log('valid? ' + session.isValid());

I used this method because the existing methods to refresh the session rely on local storage (which will not exist on the backend).
