search

awslabs / aws-jwt-verify

JS library for verifying JWTs signed by Amazon Cognito, and any OIDC-compatible IDP that signs JWTs with RS256, RS384, and RS512
Apache License 2.0
594 stars 43 forks source link

[BUG] Getting linting errors but the code is working as expected #127

Closed punit1108 closed 1 year ago

punit1108 commented 1 year ago

Describe the bug I am getting lint errors when trying to use CognitoJwtVerifier.create with an array of CognitoJwtVerifierProperties. But the code is working as expected.

Screenshot 2023-06-19 at 12 51 51 PM

same goes for verifier.verify(authToken, verifierParams)

where verifierParams is a CognitoJwtVerifierProperties

image

Versions Which version of aws-jwt-verify are you using? 4.0.0 Are you using the library in Node.js or in the Web browser? Node.js If Node.js, which version of Node.js are you using? (Should be at least 14) 18.6.0 If Web browser, which web browser and which version of it are you using? If using TypeScript, which version of TypeScript are you using? (Should be at least 4) 5.1.3

To Reproduce If you can, please provide a minimal code example that reproduces the bug.

    const verifier = CognitoJwtVerifier.create([{
      userPoolId: (process.env.USER_COGNITO_USER_POOL_ID as string),
      tokenUse: TOKEN_USE,
      clientId: process.env.USER_COGNITO_CLIENT_ID,
    }, {
      userPoolId: (process.env.AGENT_COGNITO_USER_POOL_ID as string),
      tokenUse: TOKEN_USE,
      clientId: process.env.AGENT_COGNITO_CLIENT_ID,
    }])

    const user = await verifier.verify(authToken, verifierParams)
ottokruse commented 1 year ago

Can you try cast the clientId also as string (or add exclamation mark after, eg process.env.USER_COGNITO_CLIENT_ID!).

If you use an array, as you do, these fields are mandatory, which is why this shows as an error. (TS does not know that at runtime those env vars will have a value)

punit1108 commented 1 year ago

I tried both the things mentioned above. Doesn't fix the warnings.

ottokruse commented 1 year ago

This should work (assuming TOKEN_USE is inferred by TS as "id" | "access"):

const verifier = CognitoJwtVerifier.create([{
      userPoolId: process.env.USER_COGNITO_USER_POOL_ID!,
      tokenUse: TOKEN_USE,
      clientId: process.env.USER_COGNITO_CLIENT_ID!,
    }, {
      userPoolId: process.env.AGENT_COGNITO_USER_POOL_ID!,
      tokenUse: TOKEN_USE,
      clientId: process.env.AGENT_COGNITO_CLIENT_ID!,
    }])

Paste a screen shot of the error with those modifications please?

punit1108 commented 1 year ago 
export type TokenUse = 'id' | 'access'

export const userParams: CognitoJwtVerifierProperties = {
  userPoolId: process.env.USER_COGNITO_USER_POOL_ID!,
  tokenUse: ('id' as TokenUse),
  clientId: process.env.USER_COGNITO_CLIENT_ID!,
}

export const agentParams: CognitoJwtVerifierProperties = {
  userPoolId: process.env.AGENT_COGNITO_USER_POOL_ID!,
  tokenUse: ('id' as TokenUse),
  clientId: process.env.AGENT_COGNITO_CLIENT_ID!,
}
Screenshot 2023-06-19 at 3 46 35 PM

There you go @ottokruse

ottokruse commented 1 year ago

You're battling TypeScript ;) Don't cast userParams and agentParams as CognitoJwtVerifierProperties --> that type is to be used with a single user pool verifier, but you are using multi (because you're passing an array of config options). Instead use CognitoJwtVerifierMultiProperties.

export type TokenUse = 'id' | 'access'

export const userParams: CognitoJwtVerifierMultiProperties = {
  userPoolId: process.env.USER_COGNITO_USER_POOL_ID!,
  tokenUse: ('id' as TokenUse),
  clientId: process.env.USER_COGNITO_CLIENT_ID!,
}

export const agentParams: CognitoJwtVerifierMultiProperties = {
  userPoolId: process.env.AGENT_COGNITO_USER_POOL_ID!,
  tokenUse: ('id' as TokenUse),
  clientId: process.env.AGENT_COGNITO_CLIENT_ID!,
}
punit1108 commented 1 year ago

This fixes the problem. Marking the issue closed.

Thank you @ottokruse