Architectural change for the request for the Token Guard

[Physicliar]

I built a more like api based a laravel application. There are also some other api services which is built with serverless structure and using cognito authorizers. Since both of the services are being used in the mobile platforms two different token structure is needed. To make it mono structure, it is being requested from me to use same cogito token for authorization. I have read the implementation especially for Token system and following is my solution which I believe will work better. Especially the reason I suggest this solution is the fact that cognito mobil sdks do the most of the job easily in terms of login, registration and token refreshing vice versa.

Solution The package already verify the token and claim the user. However, I believe if we can add a column to User's data named sub, we can easily match the user and return the user. That's how we can use the powerful features of the User model. Example Token Verification Payload

{
  "sub": "aaaaaaaa-bbbb-cccc-dddd-example",
  "aud": "xxxxxxxxxxxxexample",
  "email_verified": true,
  "token_use": "id",
  "auth_time": 1500009400,
  "iss": "https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_example",
  "cognito:username": "anaya",
  "exp": 1500013000,
  "given_name": "Anaya",
  "iat": 1500009400,
  "email": "anaya@example.com"
}

Additional context Since the program is already in production it is hard to make radical changes in the code. That's why what I am seeking for basically a cognito authorizer which I can match the verified user with already existing users using their sub. Why I am creating this issue is that I saw that this packages simply ignores sub and uses username since it is also unique. However, I think it is important to involve the sub which corresponds to id in our case.

I also could not understand the match mechanism of the package. From the example code

            //Register User in cognito
            if ($cognitoRegistered=$this->createCognitoUser($data)) {

                //If successful, create the user in local db
                User::create($collection->only('name', 'email'));
            } //End if

I understand that you are matching users using their email by default. To change it the keyUsername should be changed. Can we change it to phone_number for example. If yes how we can do it?

class CognitoTokenGuard extends TokenGuard
{
    /**
     * Username key
     * 
     * @var  \string  
     */
    protected $keyUsername;

   ...

Appreciate your help and understanding.

[amitdhongde]

Hey @Physicliar, Thank you for reaching out. We have not used 'sub' because the JWT token will need to be decrypted. That is not a big concern, but in case the JWT token is encrypted with a secure certificate, that makes it complex for a library-type solution.

[amitdhongde]

Let me review how we can make that change easy to implement/configure and revert after X'mas