awslabs / aws-jwt-verify

JS library for verifying JWTs signed by Amazon Cognito, and any OIDC-compatible IDP that signs JWTs with RS256, RS384, and RS512
Apache License 2.0

[BUG] CognitoJwtInvalidTokenUseError: Token use not allowed: id. Expected: access #98

Closed Mickaz89 closed 1 year ago

Mickaz89 commented 1 year ago

Describe the bug

    import { CognitoJwtVerifier } from "aws-jwt-verify";

    // Inside an async handler that receives the API Gateway event
    const authToken = event.headers['Authorization'];
    const verifier = CognitoJwtVerifier.create({
      userPoolId: 'us-east-1_cDd9TR9a5',
      tokenUse: "access",
      clientId: '1irae6vkl1v4f8so6o09h787ev',
    });

    try {
      const payload = await verifier.verify(authToken);
      console.log('Token is valid. Payload:', payload);
    } catch (err) {
      console.log(err);
      console.log('Token not valid!');
    }

Getting this error "JwtInvalidScopeError: Missing Scope. Expected: read"

    import { CognitoJwtVerifier } from "aws-jwt-verify";

    // Inside an async handler that receives the API Gateway event
    const authToken = event.headers['Authorization'];
    const verifier = CognitoJwtVerifier.create({
      userPoolId: 'us-east-1_cDd9TR9a5',
      tokenUse: "access",
      clientId: '1irae6vkl1v4f8so6o09h787ev',
      scope: "read", // scope is an Access token claim
    });

    try {
      const payload = await verifier.verify(authToken);
      console.log('Token is valid. Payload:', payload);
    } catch (err) {
      console.log(err);
      console.log('Token not valid!');
    }

Getting this error "CognitoJwtInvalidTokenUseError: Token use not allowed: id. Expected: access"

ottokruse commented 1 year ago

Looks like you're passing in the ID token and not the Access token?

Mickaz89 commented 1 year ago

@ottokruse I am taking the token from the headers of the event like this: `const authToken = event.headers['Authorization'];`. I am using the aws-serverless-express/middleware library to have access to the event object like this: `app.use(awsServerlessExpressMiddleware.eventContext())`, so I can have access to the object in
`const event = req.apiGateway.event;`

ottokruse commented 1 year ago

Your client application seems to be sending an ID token to your back-end. Either change it to send Access token, or configure the verifier to accept ID tokens (but then you can't check scope because that's an Access token field)
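The mismatch described in this thread can be surfaced before the verifier runs by peeking at the unverified `token_use` claim. The following is an added example, not code from the aws-jwt-verify project or from this thread; the sample tokens are constructed and carry no valid signature, and the decoded claims are used only for diagnostics, never for authorization.

```javascript
// Added example: explain "Token use not allowed: id. Expected: access" by
// inspecting the token_use claim before calling CognitoJwtVerifier.verify().
// Assumes Node.js (Buffer available). The claims below are NOT verified.

const EXPECTED_TOKEN_USE = "access"; // what the back-end verifier is configured for

// base64url -> UTF-8 string (JWT segments are base64url without padding)
function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

// Decode the JWT payload WITHOUT checking the signature: diagnostics only.
function peekClaims(jwt) {
  if (typeof jwt !== "string") throw new TypeError("JWT must be a string");
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("Not a compact JWS (expected 3 dot-separated parts)");
  return JSON.parse(b64urlDecode(parts[1]));
}

// Mirror the verifier's token_use check and return an actionable hint.
function diagnoseTokenUse(jwt, expected = EXPECTED_TOKEN_USE) {
  const claims = peekClaims(jwt);
  const tokenUse = claims.token_use;
  if (tokenUse === expected) {
    // Access tokens carry a space-separated `scope` claim; ID tokens do not.
    return { ok: true, tokenUse, scopes: (claims.scope || "").split(" ").filter(Boolean) };
  }
  const hint = tokenUse === "id"
    ? "Client sent the Cognito ID token; send the Access token, or verify with tokenUse: 'id' (no scope check possible)."
    : `Unexpected token_use ${JSON.stringify(tokenUse)}; expected ${JSON.stringify(expected)}.`;
  return { ok: false, tokenUse, hint };
}

// Constructed sample tokens with Cognito-style claims and a dummy signature.
function fakeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", kid: "constructed" })}.${enc(claims)}.not-a-real-signature`;
}
const SAMPLE_ID_TOKEN = fakeJwt({ token_use: "id", aud: "1irae6vkl1v4f8so6o09h787ev", email: "user@example.com" });
const SAMPLE_ACCESS_TOKEN = fakeJwt({ token_use: "access", client_id: "1irae6vkl1v4f8so6o09h787ev", scope: "read write" });
```

Run `diagnoseTokenUse` on the incoming header value right before `verifier.verify()`; a `token_use: "id"` result is exactly the situation this issue reports.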

ottokruse commented 1 year ago

Is this resolved @Mickaz89 ?

Mickaz89 commented 1 year ago

Yes, my mistake: it was the ID token and not the Access token

ottokruse commented 1 year ago

Gotcha, glad that it's solved