Open mevansam opened 2 weeks ago
@mevansam Thanks for opening the issue. We will attempt to reproduce this.
@mevansam you can use

```dart
final result = await _cognitoPlugin.fetchAuthSession();
final accessToken = result.userPoolTokensResult.value.accessToken.raw;
```

This is the encoded JWT string that you can use for the authorization header.
Description
The encoded JWT tokens provided via a valid Amplify Cognito SDK Session instance contain an invalid signature.
Categories
Steps to Reproduce
After login via the Flutter Amplify Cognito plugin, JWT tokens are retrieved from the session and passed to upstream APIs in Authorization headers. The following steps were followed:

1) Fetched the token from the logged-in session.
2) The `encodedToken` is then passed to APIs in the `Authorization` HTTP header.

After investigation, it was determined that the raw token extracted as follows was valid.
The issue appears to be that the `message` part of the JWT token is deserialized and then serialized when re-encoding, with the keys in ascending order, which is different from the original token issued by the Cognito IdP. This results in the original signature becoming invalid.

Screenshots
No response
Platforms
Flutter Version
3.24.0
Amplify Flutter Version
2.4.0
Deployment Method
Custom Pipeline
Schema
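The failure mode reported above, shown as an added, self-contained example that is not part of this issue or of the Amplify Flutter code base: a JWT signature covers the exact base64url bytes of the header and payload segments, so decoding the payload to a map and serializing it again (here with keys in ascending order) produces a token whose claims are identical but whose signature no longer verifies. The example uses HS256 with a constructed key so it runs offline; Cognito issues RS256 tokens, but byte-for-byte preservation of the signed segments matters identically there. All names, the key and the claim values are constructed for the example.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as used in JWT compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode; restores the padding the JWT format strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(header: dict, claims: dict, key: bytes) -> str:
    """Serialize header and claims once and sign exactly those bytes (HS256)."""
    head = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"


def verify_hs256(token: str, key: bytes) -> bool:
    """Recompute the MAC over the received segments; any byte change fails here."""
    head, body, sig = token.split(".")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))


def claims_of(token: str) -> dict:
    """Decode the payload segment to a dict (no verification)."""
    return json.loads(b64url_decode(token.split(".")[1]))


def reencode_with_sorted_keys(token: str) -> str:
    """Reproduce the reported defect: decode the payload, re-serialize it with keys
    in ascending order, and keep the original signature. The claims are unchanged,
    but the signed bytes are not."""
    head, body, sig = token.split(".")
    claims = json.loads(b64url_decode(body))
    body2 = b64url_encode(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    return f"{head}.{body2}.{sig}"


# Constructed sample material, not a real key or token. The claim order is deliberately
# non-alphabetical, as an IdP's serializer may emit it.
SAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"
SAMPLE_HEADER = {"alg": "HS256", "typ": "JWT"}
SAMPLE_CLAIMS = {
    "sub": "11111111-2222-3333-4444-555555555555",
    "iss": "https://idp.example.invalid",
    "client_id": "constructedclientid",
    "token_use": "access",
    "exp": 1700000000,
}


def demo() -> dict:
    """Return verification results for the raw token and its re-encoded copy."""
    raw = sign_hs256(SAMPLE_HEADER, SAMPLE_CLAIMS, SAMPLE_KEY)
    reencoded = reencode_with_sorted_keys(raw)
    return {
        "raw_verifies": verify_hs256(raw, SAMPLE_KEY),
        "reencoded_verifies": verify_hs256(reencoded, SAMPLE_KEY),
        "claims_identical": claims_of(raw) == claims_of(reencoded),
        "tokens_identical": raw == reencoded,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The defensive takeaway for any SDK or relying party is that the compact serialization is opaque signed material: forward the original string (here, the `.raw` value the maintainers point to) and never a copy rebuilt from a decoded map. On the receiving side the defect is visible only as a signature failure, so the claims decoding cleanly is no indication that the token is intact.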