Closed IshakAhmed closed 2 years ago
I am running into the same error condition. Any luck on figuring this out?
I got it working for the standard Access Token by modifying the `token_use` parameter of the `CognitoCurrentUser` class to use the `access` value and I changed the `CognitoClaims` class `username` field.
All the validation exception catching made for some hours of debugging to figure out what was going on. Now `/user/` works from the Swagger docs page when you use the Authorization button with an `access_token`.
Substituting the module classes with my own to make the docs example work.
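```python
from typing import Any, Optional

from pydantic import BaseModel, Field

# Module paths below are assumed from the fastapi-cloudauth package layout.
from fastapi_cloudauth.base import UserInfoAuth
from fastapi_cloudauth.cognito import CognitoExtraVerifier
from fastapi_cloudauth.verification import JWKS


class MyCognitoClaims(BaseModel):
    # Access tokens carry "username" rather than "cognito:username".
    username: str = Field(alias="username")
    email: Optional[str] = Field(None, alias="email")


class MyCognitoCurrentUser(UserInfoAuth):
    """
    Verify access token and get user info of AWS Cognito
    """

    user_info = MyCognitoClaims

    def __init__(
        self, region: str, userPoolId: str, client_id: str, *args: Any, **kwargs: Any,
    ):
        url = f"https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json"
        jwks = JWKS.fromurl(url)
        super().__init__(
            jwks,
            user_info=self.user_info,
            audience=client_id,
            issuer=f"https://cognito-idp.{region}.amazonaws.com/{userPoolId}",
            extra=CognitoExtraVerifier(
                client_id=client_id,
                issuer=f"https://cognito-idp.{region}.amazonaws.com/{userPoolId}",
                token_use={"access"},  # accept access tokens instead of ID tokens
            ),
            *args,
            **kwargs,
        )
```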
Using the authorization modal (in the docs) ...

- `id_token` and attempt to access the `/users/` endpoint a `JWTClaimsError` is caught (i.e. "No access_token provided to compare against at_hash claim.") `verifications.py`
- `access_token` and attempt to access the `/users/` endpoint the `token_use` claim is flagged (because it is equal to "id"). `cognito.py`
What am I missing?
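The two checks named in this thread (`at_hash` and `token_use`), as an added example that is not code from the thread or from the library: it shows which claims a Cognito ID token and access token each carry and why an ID token with `at_hash` cannot be checked without the matching access token. The function names, the sample token string and the `example-client` id are constructed for illustration, and the claims are assumed to come from a token whose signature, issuer and expiry were already verified.

```python
import base64
import hashlib
from typing import Dict, List, Optional


def at_hash(access_token: str) -> str:
    """OIDC at_hash for RS256: base64url of the left half of SHA-256(access_token)."""
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    left_half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


def check_cognito_claims(
    claims: Dict[str, str],
    client_id: str,
    expected_use: str,
    access_token: Optional[str] = None,
) -> List[str]:
    """Return the problems found in already signature-verified claims."""
    problems = []
    use = claims.get("token_use")
    if use != expected_use:
        problems.append(f"token_use is {use!r}, expected {expected_use!r}")
    # ID tokens name the app client in "aud"; access tokens use "client_id".
    client_claim = "aud" if use == "id" else "client_id"
    if claims.get(client_claim) != client_id:
        problems.append(f"{client_claim} does not match the app client id")
    # at_hash binds an ID token to the access token issued alongside it.
    if "at_hash" in claims:
        if access_token is None:
            problems.append("at_hash present but no access_token supplied")
        elif claims["at_hash"] != at_hash(access_token):
            problems.append("at_hash does not match the access token")
    return problems


# Constructed sample data, not real tokens.
SAMPLE_ACCESS_TOKEN = "constructed.access.token"
ID_CLAIMS = {
    "token_use": "id",
    "aud": "example-client",
    "at_hash": at_hash(SAMPLE_ACCESS_TOKEN),
}
ACCESS_CLAIMS = {"token_use": "access", "client_id": "example-client"}

if __name__ == "__main__":
    print(check_cognito_claims(ID_CLAIMS, "example-client", "id"))
    print(check_cognito_claims(ACCESS_CLAIMS, "example-client", "access"))
```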