tokusumi / fastapi-cloudauth

Simple integration between FastAPI and cloud authentication services (AWS Cognito, Auth0, Firebase Authentication).
MIT License

Cannot access `/users/` using the AWS Cognito configuration #53

Closed IshakAhmed closed 2 years ago

IshakAhmed commented 2 years ago

Using the authorization modal (in the docs) ...

What am I missing?

ninjix commented 2 years ago

I am running into the same error condition. Any luck on figuring this out?

ninjix commented 2 years ago

I got it working for the standard Access Token by modifying the `token_use` parameter of the `CognitoCurrentUser` class to use the `access` value, and I changed the `CognitoClaims` class `username` field.

All the validation exception catching made for some hours of debugging to figure out what was going on. Now /user/ works from the Swagger docs page when you use the Authorization button with an `access_token`.

Substituting the module classes with my own to make the docs example work.

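```python
from typing import Any

from fastapi_cloudauth.base import UserInfoAuth
from fastapi_cloudauth.cognito import CognitoExtraVerifier
from fastapi_cloudauth.verification import JWKS
from pydantic import BaseModel, Field


class MyCognitoClaims(BaseModel):
    # Access tokens carry the user name in "username"
    # (ID tokens use "cognito:username" instead).
    username: str = Field(alias="username")
    email: str = Field(None, alias="email")


class MyCognitoCurrentUser(UserInfoAuth):
    """
    Verify access token and get user info of AWS Cognito
    """

    user_info = MyCognitoClaims

    def __init__(
        self, region: str, userPoolId: str, client_id: str, *args: Any, **kwargs: Any,
    ):
        # Signing keys published by the user pool
        url = f"https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json"
        jwks = JWKS.fromurl(url)
        super().__init__(
            jwks,
            user_info=self.user_info,
            audience=client_id,
            issuer=f"https://cognito-idp.{region}.amazonaws.com/{userPoolId}",
            extra=CognitoExtraVerifier(
                client_id=client_id,
                issuer=f"https://cognito-idp.{region}.amazonaws.com/{userPoolId}",
                # Accept access tokens rather than ID tokens
                token_use={"access"},
            ),
            *args,
            **kwargs,
        )
```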
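Added example, not part of the thread or of fastapi-cloudauth: a small diagnostic that decodes a Cognito token's claims without verifying it and lists why a verifier configured for one `token_use` would reject it, which is the mismatch debugged above. The helper names, the client id and the sample tokens are constructed for illustration; the claim names are the ones Cognito puts in ID and access tokens.

```python
import base64
import json

# Claim names AWS Cognito uses in each token type.
SHAPE = {
    "id": {"user": "cognito:username", "client": "aud"},
    "access": {"user": "username", "client": "client_id"},
}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unverified_claims(token: str) -> dict:
    """Decode the payload without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def diagnose(token: str, expected_use: str, client_id: str) -> list:
    """List the reasons a verifier configured for expected_use rejects token."""
    claims = unverified_claims(token)
    actual = claims.get("token_use")
    if actual not in SHAPE:
        return [f"token_use={actual!r} is not a Cognito id or access token"]
    problems = []
    if actual != expected_use:
        problems.append(f"token_use is {actual!r}, verifier expects {expected_use!r}")
    want = SHAPE[expected_use]
    if want["user"] not in claims:
        problems.append(f"claims model needs {want['user']!r}, which is absent")
    if claims.get(want["client"]) != client_id:
        problems.append(f"{want['client']!r} does not match the app client id")
    return problems

def make_sample(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo (placeholder signature)."""
    header = b64url(json.dumps({"alg": "RS256", "kid": "constructed"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.{b64url(b'not-a-signature')}"

CLIENT = "example-client-id"  # constructed placeholder
ACCESS = make_sample({"token_use": "access", "username": "alice", "client_id": CLIENT})
ID = make_sample({"token_use": "id", "cognito:username": "alice", "aud": CLIENT})

if __name__ == "__main__":
    for name, tok in (("access", ACCESS), ("id", ID)):
        for use in ("id", "access"):
            print(f"{name} token vs token_use={use}: {diagnose(tok, use, CLIENT) or 'ok'}")
```

The output is for debugging a rejected request only; the decoded claims are unauthenticated until the signature, issuer and expiry have been verified against the pool's JWKS.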