search

awslabs / aws-jwt-verify

JS library for verifying JWTs signed by Amazon Cognito, and any OIDC-compatible IDP that signs JWTs with RS256, RS384, and RS512
Apache License 2.0
615 stars 43 forks source link

v5.0.0 tracking issue #166

Open ottokruse opened 2 months ago

ottokruse commented 2 months ago

In release v5.0.0 we aim to support AWS ALB (#109 ) for which we have to do significant groundwork. This issue tracks that groundwork:

ottokruse commented 1 month ago

ALB docs on verifying their JWTs: link

Notably: they put iss, client and exp claims in the JWT header––which is non-standard, according to standard they should be in the JWT payload.

And here's the docs for Amazon Verified Access which works similar to ALB: link