JWT Authentication with FastAPI and AWS Cognito

Medium says I should add a picture, so here we go. Photo by Pietro Jeng on Unsplash

Background

Getting the AWS Cognito public keys

https://cognito-idp.{AWSREGION}.amazonaws.com/{POOLID}/.well-known/jwks.json

Verifying a JWT in Python

```python
from jose import jwk, jwt
from jose.utils import base64url_decode

def get_hmac_key(token, jwks):
    # Select the JWKS entry whose "kid" matches the token header (None if absent)
    kid = jwt.get_unverified_header(token).get("kid")
    return next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)

def verify_jwt(token, jwks):
    # Verify the signature over "header.payload" with the matching Cognito public key
    hmac_key = jwk.construct(get_hmac_key(token, jwks))
    message, encoded_signature = token.rsplit(".", 1)
    decoded_signature = base64url_decode(encoded_signature.encode())
    return hmac_key.verify(message.encode(), decoded_signature)
```

The client sends the token in the Authorization header, where JWTTOKEN is a value of the form eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzd…:

```http
Authorization: Bearer JWTTOKEN
```

Bonus: Extracting the username from the JWT
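As an added example (not the article's own code), the claim checks that belong around the signature verification above, together with the username extraction this section covers: it pins the algorithm to RS256, selects the JWKS key by kid, and validates exp, iss, token_use and the app client id before any claim is trusted. The signature check itself is passed in as a callable (python-jose's jwk.construct(key).verify fits), and the region, pool id and client id are constructed placeholders.

```python
import base64
import json
import time

# Constructed sample values (placeholders, not real Cognito identifiers).
REGION, POOL_ID, CLIENT_ID = "eu-west-1", "eu-west-1_EXAMPLE", "example-client-id"
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{POOL_ID}"

def _b64url_decode(segment):
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def encode_segment(obj):
    # JSON -> base64url without padding; used only to build sample tokens here.
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def find_jwk(jwks, kid):
    # Pick the JWKS entry whose "kid" matches the token header, or None.
    return next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)

def validate_cognito_token(token, jwks, verify_signature, now=None):
    # verify_signature(jwk_dict, message_bytes, signature_bytes) -> bool is the RS256 check.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have three dot-separated segments")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm; never let the token's own "alg" choose the check.
    if header.get("alg") != "RS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    key = find_jwk(jwks, header.get("kid"))
    if key is None:
        raise ValueError("no matching public key in JWKS")
    message = f"{header_b64}.{payload_b64}".encode()
    if not verify_signature(key, message, _b64url_decode(signature_b64)):
        raise ValueError("invalid signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    # ID tokens carry the app client id in "aud", access tokens in "client_id".
    expected_aud = {"id": claims.get("aud"), "access": claims.get("client_id")}
    if expected_aud.get(claims.get("token_use")) != CLIENT_ID:
        raise ValueError("token_use or audience mismatch")
    return claims

def username_from_claims(claims):
    # ID tokens expose "cognito:username"; access tokens expose "username".
    return claims.get("cognito:username") or claims.get("username")
```

Because the header's alg is pinned, the HS256 sample header shown above is rejected before any key lookup happens.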

Summary
