cakephp / authentication

Authentication plugin for CakePHP. Can also be used in PSR7 based applications.
MIT License

AWS Cognito Support #504

Closed swiffer closed 2 years ago

swiffer commented 2 years ago

Hey there,

we're looking for Authentication of Users via AWS Cognito and JWT.

The current implementation of the JWT Authenticator supports passing algorithm and secretKey arguments.

However AWS Cognito is making use of multiple secret keys and therefore resolution needs some additional steps upfront:

https://github.com/awslabs/aws-support-tools/tree/master/Cognito/decode-verify-jwt#resolution

There is a sample implementation for laravel described on Medium

https://medium.com/@tsubasakondo_36683/verifying-cognito-jwt-with-laravel-d600096a2394

Would this be in the plugins scope to have a cognito authenticator implemented or does anyone know of a plugin that is doing this or should we implement a custom authenticator class for this use case?

This is an outdated plugin I found

https://github.com/awallef/cakephp-cognito-auth

Thanks a lot!

markstory commented 2 years ago

Would this be in the plugins scope to have a cognito authenticator implemented

I am reluctant to provide adapters for proprietary vendor integrations. We are not well equipped to support them as we don't have subscriptions to cloud services. I am guessing that the AWS flavour of JWT is not supported by the libraries we already use for JWT?

dereuromark commented 2 years ago

I would recommend making a custom plugin as an extension to this one, similar to what I did with https://github.com/dereuromark/cakephp-ide-helper-extra for https://github.com/dereuromark/cakephp-ide-helper. This way this plugin stays independent from those.

swiffer commented 2 years ago

Ok - after doing a little more research this does not seem to be vendor specific. It's part of JWK, which is also supported by firebase/php-jwt.

It looks like the only real thing that needs to change is passing the result of JWK::parseKeySet() here instead of a secretKey.

https://github.com/cakephp/authentication/blob/faf550e29f58ac00ee94ab166c72ce637196f458/src/Authenticator/JwtAuthenticator.php#L164

Additionally, up for consideration: should the JSON response of the public JSON Web Key (JWK) be stored in the config directly (changes are rare), or should a URL be stored, with the authenticator handling download, caching and JSON parsing of the public keys?

From the AWS Docs:

Note: Downloading and storing the JWK for your user pool is a one-time step before your web API operations can process tokens. After doing so, you can perform the following steps each time the ID token or the access token is used with your web API operations.

swiffer commented 2 years ago

Maybe nothing needs to be changed at all - fetching the keys and parsing them via JWK::parseKeySet can be part of Application.php, and the result can be passed as the secretKey option to JwtAuthenticator.
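The approach in the comment above, written out as an added example (not code from the plugin or from the thread's participants). It assumes firebase/php-jwt 5.x, where JWT::decode() accepts the array returned by JWK::parseKeySet() and selects the key by the token's "kid"; the issuer URL is a placeholder, and the two methods are meant to drop into your own Application class.

```php
<?php
declare(strict_types=1);

namespace App;

use Authentication\AuthenticationService;
use Authentication\AuthenticationServiceInterface;
use Authentication\AuthenticationServiceProviderInterface;
use Cake\Cache\Cache;
use Cake\Http\Client;
use Firebase\JWT\JWK;
use Psr\Http\Message\ServerRequestInterface;

class CognitoAuthenticationProvider implements AuthenticationServiceProviderInterface
{
    // Placeholder issuer: substitute your own region and user pool id.
    private const COGNITO_ISSUER = 'https://cognito-idp.<REGION>.amazonaws.com/<USER_POOL_ID>';

    /**
     * Download the user pool's JWKS once and cache the raw JSON (the AWS note above calls
     * this a one-time step). The JSON is cached rather than the parsed set because
     * parseKeySet() returns OpenSSL key handles, which cannot be serialised into a
     * file or Redis cache; parsing on each request is cheap.
     */
    private function cognitoJwks(): array
    {
        return Cache::remember('cognito_jwks', function (): array {
            $response = (new Client())->get(self::COGNITO_ISSUER . '/.well-known/jwks.json');
            if (!$response->isOk()) {
                throw new \RuntimeException('Could not download the Cognito JWKS');
            }
            return $response->getJson();
        }, 'default');
    }

    public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
    {
        $service = new AuthenticationService();
        $service->loadAuthenticator('Authentication.Jwt', [
            'header' => 'Authorization',
            'tokenPrefix' => 'Bearer',
            'algorithm' => 'RS256', // Cognito signs ID and access tokens with RS256
            // JWT::decode() picks the key whose "kid" matches the token header.
            'secretKey' => JWK::parseKeySet($this->cognitoJwks()),
        ]);

        return $service;
    }
}
```

This covers only the signature and expiry check; the remaining steps of the AWS guide linked above (comparing the iss and aud/client_id claims of the decoded payload against your pool and app client) still have to be applied to the identity the authenticator returns.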

swiffer commented 2 years ago

Had to make some minor changes - let me know what you think