Amplify-js: How do I validate user server side when using amazon-cognito-identity-js?

Hi @jeremywhittington

Can you provide some more information or code snippet to get a better picture of your use case?

Hi @jeremywhittington

Can you provide some more information or code snippet to get a better picture of your use case?

@manueliglesias I have a python web application and ive successfully implemented amazon-cognito-identity-js client side to authenticate a user on my website. What I am trying to understand is how can I make sure on the back end that they are authenticated?

I have been looking at how to read the token from cookies but havent figured it out yet.

Hi @jeremywhittington

Can you provide some more information or code snippet to get a better picture of your use case?

@manueliglesias what I am trying now is putting the accessToken from authenticateUser into a cookie myself and read it using flask-jwt-simple. Is this the correct approach?

Hi @jeremywhittington

Yeah, the basic idea is to send the token(s) to your backend, and then your backend validates the tokens and their claims.

Some references:

• Access Your Server-side Resources with a User Pool
  

• Verifying a JSON Web Token
  

If you need to manually process tokens for server-side API processing, or if you are using other programming languages, there are many good libraries for decoding and verifying a JWT. See the OpenID Foundation list of libraries for working with JWT tokens.

Closing this issue due to no further response. Feel free to reopen if you still have this issue.

What if you are using a Federated login like Facebook?

Is there any way to get an idToken or other token which can be used with both Federated Login user pools?