jagregory / cognito-local

Local emulator for Amazon Cognito
MIT License
278 stars 67 forks

Adding a Load Balancer Endpoint like AWS's 'public-keys.auth.elb.' #365

Open Maxyme opened 1 year ago

Maxyme commented 1 year ago

Would it be possible (or is there already?) to add an endpoint that replicates this functionality?

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html

Basically, in the ALB (Application Load Balancer) flow, a user gets a public key from the public-keys.auth.elb endpoint using the id_token's key_id [kid]:

```python
import requests

# Fetch the PEM public key for the token's key id (kid) from the ALB endpoint;
# `region` and `kid` are taken from the request context / id_token header.
url = 'https://public-keys.auth.elb.' + region + '.amazonaws.com/' + kid
req = requests.get(url)
pub_key = req.text  # PEM-encoded public key used to verify the id_token signature
```

In a normal flow with JWKS, using the JWKS endpoint works well (i.e. http://localhost:9229/userpool/.well-known/jwks.json), but it would be nice to have the public key from an endpoint on cognito-local to match AWS's flow with ALBs.

It should be straightforward enough, like using pem = jwkToPem(jwk); and returning the pem from a given endpoint.