[QUESTION] Support for customizing default verification

[bigen1925]

Question Would it be acceptable to add a support for customizing default verification?

---

Thanks in advance for develop and maintenance this great library! This save me from many complex lines and common mistakes.

Btw, I use the emulator of cognito in local development environment (and real cognito in production). It works with container and in local endpoint (ex, http://localhost:9229).

I want to use aws-jwt-verify with it , but there are some issues.

• jwks_uri is needed to customize (this is possible)
  • ex) jwksUri: settings.cognitoEndpoint && `${settings.cognitoEndpoint}/.well-known/jwks.json`
• user-pool-id is generated as local_xxxxxx with the emulator, and user-pool-id verification is failed.
• issuer in JWT become http://localhost:9229/ with the emulator, and issuer verification is failed.
• and there may be more ( now verification is stopped with issuer error )

I'm happy if I can handle these with aws-jwt-verify in some way.

There are some possible solutions, but I think most of those are more or less emulator-specific. For example,

• CognitoJwtVerifier receive customEndpoint as a parameter, and use it as endpoint of jwksUri and issuer verification
  • emulators may use or not the same path as a jwksUri
  • emulators may use or not the same string as a issuer
• when customEndpoint is specified, skip user-pool-id verification
  • if emulators doesn't custom region name, verification should not be skipped.

So, I think well new feature is

• CognitoJwtVerifier receive customUserPoolIdCheck customIssuerCheck and override default behavior
• or, receive customDefaultCheck and override all default check.

---

I understand and agree that aws-jwt-verify should focus on real AWS services. This feature weaken security with wrong use so I'm wondering if it is acceptable.

On the other hand, many aws-sdk clients are basically support for customEndpoint and can use with several emulators. I would be happy if aws-jwt-verify can use with them :)

---

Versions Which version of aws-jwt-verify are you using? 4.0.0 Are you using the library in Node.js or in the Web browser? Node.js If Node.js, which version of Node.js are you using? (Should be at least 14) 18.12.1 If Web browser, which web browser and which version of it are you using?

If using TypeScript, which version of TypeScript are you using? (Should be at least 4) 5.1.6

[ottokruse]

Valid request! Thanks for posting.

We need some time to research this and form an opinion. Thanks for your suggestions and ideas, that's very helpful.