Would like to use Kong API Gateway for my microservices. API requests will be sent with an access token generated by Cognito in the headers of the request like so:
Bearer
How can we validate a JWT token generated by Amazon Cognito using the JWT Plugin? Looking to validate the token from Cognito and possibly grab its attributes/claims like user group, user email.
You probably need to build your own plugin to validate the token. The built-in jwt plugin is for a custom JWT workflow. There’s an enterprise plugin that does this, but as I said, it’s under enterprise license.
For building your own using go libraries, you can check out these:
"github.com/MicahParks/keyfunc/v3"
"github.com/golang-jwt/jwt/v5"
Basically, you use the golang-jwt to decode the token and keyfunc to get and use the jwks info to validate the token and use as input for the jwt.Parse workflow.
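The checks those two libraries perform between them, written out with only the Go standard library as an added example (not code from this thread and not either library's API). It assumes the user pool's JWKS has already been fetched and parsed into a kid-to-key map; `VerifyCognito` and `Claims` are hypothetical names.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of Cognito access-token claims checked or returned here.
type Claims struct {
	Iss      string   `json:"iss"`
	TokenUse string   `json:"token_use"`
	ClientID string   `json:"client_id"`
	Exp      int64    `json:"exp"`
	Groups   []string `json:"cognito:groups"`
}

// VerifyCognito (hypothetical helper): keys is the pool's JWKS pre-parsed to kid -> key.
func VerifyCognito(tok string, keys map[string]*rsa.PublicKey, iss, clientID string, now time.Time) (*Claims, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed token")
	}
	hb, _ := base64.RawURLEncoding.DecodeString(p[0])
	pb, _ := base64.RawURLEncoding.DecodeString(p[1])
	sig, _ := base64.RawURLEncoding.DecodeString(p[2])
	var hdr struct{ Alg, Kid string }
	var c Claims
	if json.Unmarshal(hb, &hdr) != nil || json.Unmarshal(pb, &c) != nil {
		return nil, errors.New("undecodable header or payload")
	}
	// Pin RS256, accept only a kid present in the pool's JWKS, then check the signature.
	pub, ok := keys[hdr.Kid]
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if hdr.Alg != "RS256" || !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return nil, errors.New("bad alg, unknown kid or invalid signature")
	}
	if c.Iss != iss || c.TokenUse != "access" || c.ClientID != clientID || now.Unix() >= c.Exp {
		return nil, errors.New("claim check failed")
	}
	return &c, nil
}

func main() { fmt.Println(VerifyCognito("not.a.jwt", nil, "", "", time.Now())) }
```

Cognito access tokens carry `client_id` and `cognito:groups` but not `email`; the email claim is in the ID token, which has `token_use` set to `id` and identifies the app client in `aud` rather than `client_id`.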