
@saggie
Created August 22, 2021 06:18
Verify Amazon Cognito JWT in Ktor

(In Ktor: 1.6.2)

  • application.conf

    ...
    # JWT settings read by Application.configureSecurity() in Security.kt.
    jwt {
        # User pool issuer URL. Security.kt passes this value both to the JWK provider
        # (to locate the pool's signing keys) and to the verifier as the expected issuer.
        issuer = "https://cognito-idp.ap-northeast-1.amazonaws.com/__SPECIFY_POOL_ID_HERE__"
        # App client ID. Security.kt rejects any token whose `aud` claim does not contain it.
        audience = "__SPECIFY_CLIENT_ID_HERE__"
        # Realm assigned to the Ktor JWT authentication provider.
        realm = "ktor sample app"
    }
    
  • Security.kt

    import com.auth0.jwk.JwkProviderBuilder
    import io.ktor.application.*
    import io.ktor.auth.*
    import io.ktor.auth.jwt.*
    import java.util.concurrent.TimeUnit
    
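    /**
     * Installs JWT bearer authentication that accepts Amazon Cognito ID tokens.
     *
     * Reads `jwt.realm`, `jwt.audience` and `jwt.issuer` from the application config.
     * The token signature is verified against keys published by the issuer (looked up
     * through a cached, rate-limited JWK provider), the issuer is matched by the verifier,
     * and the `validate` step then requires that:
     *  - the `aud` claim contains the configured app client ID, and
     *  - the `token_use` claim is `"id"`.
     *
     * Cognito access tokens carry `client_id` instead of `aud`, so they are rejected here.
     * Accepting them would need a separate, explicit `client_id` / `token_use == "access"` check.
     */
    fun Application.configureSecurity() {
        authentication {
            jwt {
                realm = environment.config.property("jwt.realm").getString()
                val jwtAudience = environment.config.property("jwt.audience").getString()
                val issuer = environment.config.property("jwt.issuer").getString()

                // Signing keys come from the issuer's JWKS document. Cache up to 10 keys for 24 hours and
                // rate-limit lookups so tokens with unknown key IDs cannot force unbounded remote fetches.
                val jwkProvider = JwkProviderBuilder(issuer)
                    .cached(10, 24, TimeUnit.HOURS)
                    .rateLimited(10, 1, TimeUnit.MINUTES)
                    .build()

                // Verifies the signature and the issuer; time-based claims tolerate 3 seconds of clock skew.
                verifier(jwkProvider, issuer) {
                    acceptLeeway(3)
                }

                validate { credential ->
                    val payload = credential.payload
                    // The audience list is null when the token has no `aud` claim (e.g. a Cognito access
                    // token). Treat that as a plain rejection instead of dereferencing a null list.
                    val audienceMatches = payload.audience?.contains(jwtAudience) == true
                    // State the accepted token type explicitly rather than relying on the `aud` check alone.
                    val isIdToken = payload.getClaim("token_use").asString() == "id"
                    if (audienceMatches && isIdToken) JWTPrincipal(payload) else null
                }
            }
        }
    }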