Fork me on GitHub

Answer to the question above: how to decode/unsign a JWT in Clojure

👍 1

Good stuff. Another option is to let API-Gateway do the work. The GW knows out-of-box how to verify tokens from Cognito and it puts the payload into downstream requests.

👍 2

That adds of course one more hop.


Didn't knew that 😕 but anyway some of my client<->server requests goes through websockets and my backend already runs on an EC2 cluster behind an ELB, so decoding JWT in my app seems to take me less time to add (better short-term ROI) then migrating the existing stuff to GW.