Simple integration between FastAPI and cloud authentication services (AWS Cognito, Auth0, Firebase Authentication).
[Cognito] App client_id is not validated for Cognito JWT (access_token) #76
Open
tivaliy opened 1 year ago
I faced an issue when using Cognito auth: the app `client_id` is not validated during token verification. So you can pass any ID and it will work. The problem is that `jwt.decode` (jose lib) doesn't expect `client_id` in the token, and since `aud` is not defined it skips validation.
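The gap reported above, as an added example that is not part of the original issue or the project's code: a check that only compares `aud` when the claim is present, next to an explicit app-client check run on claims whose signature has already been verified. The function names and sample claim values are assumptions made for illustration.

```python
class ClientIdError(ValueError):
    """Raised when a token was not issued for an allowed Cognito app client."""


def naive_audience_check(claims, expected_client_id):
    # Mirrors the behaviour described in the issue: the audience is only
    # compared when an "aud" claim exists, so a token without it passes.
    if "aud" not in claims:
        return True
    return claims["aud"] == expected_client_id


def check_app_client(claims, allowed_client_ids):
    """Return the matched app client id, or raise ClientIdError."""
    allowed = set(allowed_client_ids)
    token_use = claims.get("token_use")
    if token_use == "access":
        # Cognito access tokens carry the app client in "client_id", not "aud".
        candidates = [claims.get("client_id")]
    elif token_use == "id":
        # ID tokens carry it in "aud", which may be a string or a list.
        aud = claims.get("aud")
        candidates = aud if isinstance(aud, list) else [aud]
    else:
        raise ClientIdError(f"unexpected token_use: {token_use!r}")
    for value in candidates:
        if isinstance(value, str) and value in allowed:
            return value
    # A missing claim is a failure, never a reason to skip the check.
    raise ClientIdError("token was not issued for an allowed app client")


# Constructed sample claims (placeholders, not real identifiers).
OUR_APP = "example-app-client-id"
ACCESS_OURS = {"token_use": "access", "client_id": OUR_APP, "sub": "user-1"}
ACCESS_OTHER = {"token_use": "access", "client_id": "another-app-client-id", "sub": "user-1"}
ID_OURS = {"token_use": "id", "aud": OUR_APP, "sub": "user-1"}


def is_accepted(claims):
    """True when the claims pass the explicit app-client check for OUR_APP."""
    try:
        check_app_client(claims, [OUR_APP])
        return True
    except ClientIdError:
        return False
```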