#aws
2021-09-20
Ben Hammond 20:09:03

I am using Cognito to generate user id_tokens. I would like to be able to hand-create my own id_token, with the public bit of the signing key available at . So I need to either i) access the signing key that Cognito is using to sign its tokens, OR ii) create my own signing key, and poke the public bit into ~/.well-known/jwks.json. I was just having a go at i), and I thought that https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetSigningCertificate.html looked promising, but then I realised that I didn't know what to do with it ...

(require '[cognitect.aws.client.api :as aws])

;; :Certificate comes back base64-encoded; decoding it yields the raw
;; certificate bytes, which String. then renders as ISO-8859-1 text
(-> (->> {:op :GetSigningCertificate :request {:UserPoolId "eu-west-2_*****"}}
         (aws/invoke (aws/client {:api :cognito-idp :region :eu-west-2}))
         (:Certificate)
         (.decode (java.util.Base64/getDecoder)))
    (String. "ISO-8859-1"))
returns garbage. How would you go about signing your own JWTs and making the verification key available?