UNPKG

aws-cognito-next

Version:

Authentication helpers to enable usage of [AWS Cognito](https://aws.amazon.com/en/cognito/) in [next.js](https://nextjs.org/) applications.

dferber90/aws-cognito-next

85 lines (74 loc) 2.77 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/usr/bin/env node const argv = require("yargs") .usage("Fetches Cognito User Pool's public keys and converts them to pems.") .usage("Usage: $0 --region [region] -userPoolId [userPoolId]") .option("region", { type: "string", description: "AWS Region of Cognito User Pool", require: true, }) .option("userPoolId", { type: "string", description: "User Pool Id of Cognito User Pool", require: true, }) .option("out", { type: "string", description: "File to write pems to", default: "pems.json", }).argv; const region = argv.region; const userPoolId = argv.userPoolId; const out = argv.out; // A script which creates pems.json depending on the env-vars by fetching them // from the URL shown in the docs below and writing the result to pems.json. // https://aws.amazon.com/de/premiumsupport/knowledge-center/decode-verify-cognito-json-token/ // https://github.com/awslabs/aws-support-tools/tree/master/Cognito/decode-verify-jwt // Different types of tokens // https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html const fs = require("fs"); const path = require("path"); const fetch = require("node-fetch"); const jwkToPem = require("jwk-to-pem"); const url = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}/.well-known/jwks.json`; fetch(url) .then((res) => res.json()) .then( (res) => { if (res.message) { console.error(res.message); return process.exit(1); } if (!Array.isArray(res.keys) || res.keys.length === 0) { console.error("No keys present in response"); console.log(res); return process.exit(1); } const outputFile = path.join(process.cwd(), out); let existingPems; try { existingPems = require(outputFile); } catch (e) { existingPems = {}; } // map public-keys to pems, so the client/server don't need to do it // on every request const pems = res.keys.reduce((acc, key) => { if (!acc[region]) acc[region] = { [userPoolId]: {} }; if (!acc[region][userPoolId]) acc[region][userPoolId] = {}; acc[region][userPoolId][key.kid] = jwkToPem(key); return acc; }, existingPems); fs.writeFileSync(outputFile, JSON.stringify(pems, null, 2)); }, () => { const red = (str) => `\x1b[31m${str}\x1b[0m`; console.error(red("Error"), `Could not fetch jwks.json from Cognito`); console.error(`Tried "${url}", but it does not exist.`); console.error(``); console.error( `Maybe the provided region (${region}) or userPoolId (${userPoolId}) are incorrect?` ); return process.exit(1); } );