Showing posts from October, 2017

Validate Cognito tokens in Kong

Assuming a Kong environment is set up and operating as expected, this post shows how to validate Cognito tokens in Kong. JWTs issued by popular identity solutions such as Auth0 and Amazon Cognito can easily be authorized by Kong. Here are the steps to validate a JWT issued by Auth0 in Kong. In this post, I am going to focus on how to validate a JWT issued by Amazon Cognito, assuming that the Amazon Cognito user pools are set up and operating as expected.

On every successful authentication of a user, Amazon Cognito issues an ID token and an access token. The ID token is represented as a JSON Web Token (JWT). The token contains claims about the identity of the authenticated user. For example, it includes claims such as name, family_name, phone_number, etc. For more information about standard claims, see the OpenID Connect specification.

Extract the public key from the Amazon Cognito public endpoint using https://cognito-idp.{region}.amazonaws.com/{userPoolId}/
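
Cognito publishes its signing keys as JWKs, while Kong's JWT plugin takes an RS256 public key in PEM form, so a conversion step sits between the two. The sketch below is an added example, not code from the original post: it uses only the Python standard library, and `jwk_to_pem`, the helper names and the sample key entry are hypothetical and constructed for illustration.

```python
import base64

# DER for AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def b64url_decode(value: str) -> bytes:
    """JWK fields are base64url without padding; restore it before decoding."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value, using long-form length when needed."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_uint(raw: bytes) -> bytes:
    """Unsigned big-endian bytes as a minimal, non-negative DER INTEGER."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:
        raw = b"\x00" + raw  # leading zero keeps the value positive
    return der_tlv(0x02, raw)

def jwk_to_pem(jwk: dict) -> str:
    """Convert an RSA signature JWK into a SubjectPublicKeyInfo PEM string."""
    if jwk.get("kty") != "RSA" or jwk.get("use", "sig") != "sig":
        raise ValueError("not an RSA signature key")
    if jwk.get("alg", "RS256") != "RS256":
        raise ValueError("unexpected algorithm: %r" % jwk.get("alg"))
    rsa_key = der_tlv(0x30, der_uint(b64url_decode(jwk["n"]))
                            + der_uint(b64url_decode(jwk["e"])))
    spki = der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_key))
    b64 = base64.b64encode(spki).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines,
                      "-----END PUBLIC KEY-----"]) + "\n"

# Constructed sample entry: the modulus is filler bytes, not a usable key.
SAMPLE_MODULUS = bytes([0xC3]) + bytes(range(255))
SAMPLE_JWK = {
    "kty": "RSA", "alg": "RS256", "use": "sig", "kid": "example-kid",
    "n": base64.urlsafe_b64encode(SAMPLE_MODULUS).rstrip(b"=").decode(),
    "e": "AQAB",
}

if __name__ == "__main__":
    print(jwk_to_pem(SAMPLE_JWK))
```

Rejecting entries whose `kty`, `use` or `alg` is unexpected keeps a key meant for another purpose or algorithm from being registered as an RS256 verification key.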