Skip to content

Instantly share code, notes, and snippets.

@richmondwang
Last active May 30, 2020 03:08
Show Gist options
  • Save richmondwang/b34ea009e5d102573cb111910212ea14 to your computer and use it in GitHub Desktop.
Save richmondwang/b34ea009e5d102573cb111910212ea14 to your computer and use it in GitHub Desktop.
Gist to decode AWS cognito using the python Jose package
# -*- coding: utf-8 -*-
# pip install python-jose
from jose import jwt
token = "<token here>"
key = {
"alg": "RS256",
"e": "AQAB",
"kid": "+Sr66GHFIwrVWzl9N02mrm96OCoYbNktaekEhXs9+eM=", # <-- this should match the `kid` in the token's headers
"kty": "RSA",
"n": "wB2ECCyBcOzV-uUIqad0WB317dHFMm5eUB1IRGCn6lVXmgfq7GxSuAsrn_8Z8fGAfCxTfwyPww9azIS1BWWpkqN3BCKxJdgJxANOfA9ePx8jJroQDIaZJE9Li_zE__lTpa4QJYGlcbHTaO5T5nVicOw-eaCr6zsLpMNWvO3uwZxVEZTZET9kwGr9wN6nRr57p2ONWmaryqxSYwbxNjzE-OoiUng1MzXEHm4sLJHKpS-r8nzr6NwGH9rDulKkXypzQoDYjZMMJjNyfkZy9-1z8zlfIzJDrhRustDbbWUtMcz0Zlt_r8m_wiN8Ty_cflXBfGsTC-cqQbckvBHuyXdJZQ",
"use": "sig"
}
claims = jwt.decode(
token,
key,
audience='<opt spec aud>',
issuer='<opt spec issuer>'
)
print(claims)
@kasper747
Copy link

How are you defining issuer='?

Also I am getting an error: Signature has expired. However it is different from "Validation failed" and can be used as validation.

@richmondwang
Copy link
Author

@kasper747 issuer here is the issuer you specified during encoding your jwt token.. If you are using cognito, then I think you can set it in the console or there is a spec for that in their docs if it is not settable from the console..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment