
Source file src/github.com/MicahParks/keyfunc/examples/aws_cognito/main.go

Documentation: github.com/MicahParks/keyfunc/examples/aws_cognito

     1  package main
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  	"time"
     7  
     8  	"github.com/golang-jwt/jwt/v4"
     9  
    10  	"github.com/MicahParks/keyfunc"
    11  )
    12  
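// main shows how to verify a JWT against the JWKS published by an AWS Cognito user pool.
//
// It builds the pool's JWKS URL, starts a keyfunc JWKS with background refresh, parses one token with the signing
// algorithm pinned, checks the issuer claim and then stops the refresh goroutine. Every failure is fatal.
func main() {
	// Get the JWKS URL from your AWS region and userPoolId.
	//
	// See the AWS docs here:
	// https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html
	regionID := ""   // TODO Get the region ID for your AWS Cognito instance.
	userPoolID := "" // TODO Get the user pool ID of your AWS Cognito instance.

	// Fail early: with either value empty the URL below is malformed and the key fetch would only fail later with a
	// less obvious error.
	if regionID == "" || userPoolID == "" {
		log.Fatalf("The AWS region ID and Cognito user pool ID must both be set.")
	}

	// The user pool's issuer is also the base of its JWKS URL. It is kept so the "iss" claim can be compared with it
	// after the signature has been verified.
	issuer := fmt.Sprintf("https://cognito-idp.%s.amazonaws.com/%s", regionID, userPoolID)
	jwksURL := issuer + "/.well-known/jwks.json"

	// Create the keyfunc options. Use an error handler that logs. Refresh the JWKS when a JWT signed by an unknown KID
	// is found or at the specified interval. Rate limit these refreshes. Timeout the initial JWKS refresh request after
	// 10 seconds. This timeout is also used to create the initial context.Context for keyfunc.Get.
	//
	// RefreshUnknownKID lets any caller who submits a token with an unrecognised "kid" trigger an outbound request, so
	// RefreshRateLimit should stay set whenever it is enabled.
	options := keyfunc.Options{
		RefreshErrorHandler: func(err error) {
			log.Printf("There was an error with the jwt.Keyfunc\nError: %s", err.Error())
		},
		RefreshInterval:   time.Hour,
		RefreshRateLimit:  time.Minute * 5,
		RefreshTimeout:    time.Second * 10,
		RefreshUnknownKID: true,
	}

	// Create the JWKS from the resource at the given URL.
	jwks, err := keyfunc.Get(jwksURL, options)
	if err != nil {
		log.Fatalf("Failed to create JWKS from resource at the given URL.\nError: %s", err.Error())
	}

	// Get a JWT to parse.
	//
	// This is a sample token: its "iss" is jwks-service.appspot.com and its "exp" is in the past, so it will not
	// validate against a Cognito user pool. Replace it with a token issued by your pool, and do not log real tokens.
	jwtB64 := "eyJraWQiOiJmNTVkOWE0ZSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJLZXNoYSIsImF1ZCI6IlRhc2h1YW4iLCJpc3MiOiJqd2tzLXNlcnZpY2UuYXBwc3BvdC5jb20iLCJleHAiOjE2MTkwMjUyMTEsImlhdCI6MTYxOTAyNTE3NywianRpIjoiMWY3MTgwNzAtZTBiOC00OGNmLTlmMDItMGE1M2ZiZWNhYWQwIn0.vetsI8W0c4Z-bs2YCVcPb9HsBm1BrMhxTBSQto1koG_lV-2nHwksz8vMuk7J7Q1sMa7WUkXxgthqu9RGVgtGO2xor6Ub0WBhZfIlFeaRGd6ZZKiapb-ASNK7EyRIeX20htRf9MzFGwpWjtrS5NIGvn1a7_x9WcXU9hlnkXaAWBTUJ2H73UbjDdVtlKFZGWM5VGANY4VG7gSMaJqCIKMxRPn2jnYbvPIYz81sjjbd-sc2-ePRjso7Rk6s382YdOm-lDUDl2APE-gqkLWdOJcj68fc6EBIociradX_ADytj-JYEI6v0-zI-8jSckYIGTUF5wjamcDfF5qyKpjsmdrZJA"

	// Parse the JWT. Pin the accepted signing algorithm instead of trusting the "alg" value in the token header.
	// Cognito user pool tokens are signed with RS256.
	token, err := jwt.Parse(jwtB64, jwks.Keyfunc, jwt.WithValidMethods([]string{"RS256"}))
	if err != nil {
		log.Fatalf("Failed to parse the JWT.\nError: %s", err.Error())
	}

	// Check if the token is valid.
	if !token.Valid {
		log.Fatalf("The token is not valid.")
	}

	// A valid signature only shows that the token was signed by a key in this JWKS. Also require that the token names
	// this user pool as its issuer.
	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok || !claims.VerifyIssuer(issuer, true) {
		log.Fatalf("The token was not issued by the expected user pool.")
	}

	// TODO Per the AWS docs linked above, also check "token_use" and the app client ID ("aud" on ID tokens,
	// "client_id" on access tokens) against the values your application expects.
	log.Println("The token is valid.")

	// End the background refresh goroutine when it's no longer needed.
	jwks.EndBackground()
}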
    59  
