te')); return $arr; } /* 遍历用户所有主题 * @param $uid 用户ID * @param int $page 页数 * @param int $pagesize 每页记录条数 * @param bool $desc 排序方式 TRUE降序 FALSE升序 * @param string $key 返回的数组用那一列的值作为 key * @param array $col 查询哪些列 */ function thread_tid_find_by_uid($uid, $page = 1, $pagesize = 1000, $desc = TRUE, $key = 'tid', $col = array()) { if (empty($uid)) return array(); $orderby = TRUE == $desc ? -1 : 1; $arr = thread_tid__find($cond = array('uid' => $uid), array('tid' => $orderby), $page, $pagesize, $key, $col); return $arr; } // 遍历栏目下tid 支持数组 $fid = array(1,2,3) function thread_tid_find_by_fid($fid, $page = 1, $pagesize = 1000, $desc = TRUE) { if (empty($fid)) return array(); $orderby = TRUE == $desc ? -1 : 1; $arr = thread_tid__find($cond = array('fid' => $fid), array('tid' => $orderby), $page, $pagesize, 'tid', array('tid', 'verify_date')); return $arr; } function thread_tid_delete($tid) { if (empty($tid)) return FALSE; $r = thread_tid__delete(array('tid' => $tid)); return $r; } function thread_tid_count() { $n = thread_tid__count(); return $n; } // 统计用户主题数 大数量下严谨使用非主键统计 function thread_uid_count($uid) { $n = thread_tid__count(array('uid' => $uid)); return $n; } // 统计栏目主题数 大数量下严谨使用非主键统计 function thread_fid_count($fid) { $n = thread_tid__count(array('fid' => $fid)); return $n; } ?>javascript - Where can I retrieve the public key for an Cognito Identity Pool? - Stack Overflow

科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - Where can I retrieve the public key for an Cognito Identity Pool? - Stack Overflow

    javascript - Where can I retrieve the public key for an Cognito Identity Pool? - Stack Overflow

    programmeradmin3浏览0评论

    Actually I retrieved an signed JWT for an unauthenticated user by the following code.

    AWS.config.region = 'eu-central-1'; // Region
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'eu-central-1:cccccc-cccc-cccc-cccc',
    RoleArn: 'arn:aws:iam::iiiiiiiiiiiii:role/Cognito_MyIdentityPoolUnauth_Role'
});
// Obtain Open ID Token (JWT)
AWS.config.credentials.get(function() {
    console.log(AWS.config.credentials.params.WebIdentityToken);
});

    How can I retrieve the public key to verify the signature?

    I can only find documentation covering tokens from an user pool. As i want to handle unauthenticated users this does not help me.

    Actually I retrieved an signed JWT for an unauthenticated user by the following code.

    AWS.config.region = 'eu-central-1'; // Region
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'eu-central-1:cccccc-cccc-cccc-cccc',
    RoleArn: 'arn:aws:iam::iiiiiiiiiiiii:role/Cognito_MyIdentityPoolUnauth_Role'
});
// Obtain Open ID Token (JWT)
AWS.config.credentials.get(function() {
    console.log(AWS.config.credentials.params.WebIdentityToken);
});

    How can I retrieve the public key to verify the signature?

    I can only find documentation covering tokens from an user pool. As i want to handle unauthenticated users this does not help me.

    • javascript
    • amazon-web-services
    • jwt
    • amazon-cognito
    Share Improve this question asked Feb 23, 2019 at 8:43 tkrtkr 1,3811 gold badge11 silver badges27 bronze badges
    Add a ment  | 

    1 Answer 1

    Reset to default 15

    The AWS documentation only describes how to retrieve public keys for User Pools, but there are public keys for Identity Pools as well. While the URL for User Pool public keys (https://cognito-idp.region.amazonaws./userPoolId/.well-known/jwks.json) contains the User Pool Id the URL for Identity Pools does not.

    Public Keys for Cognito Identity Pools can be retrieved from https://cognito-identity.amazonaws./.well-known/jwks_uri. This provides the public keys for all possible Identity Pools across regions.

    To identitfy the right key you have to inspect the Open Id Token header. The property kid identifies the right key in the key list.

    {
    "kid": "eu-central-11",
    "typ": "JWS",
    "alg": "RS512"
}

    E.g. in this case the right jwk would be:

    {
    kty: "RSA",
    alg: "RS512",
    use: "sig",
    kid: "eu-central-11",
    n: "AL9Kz62JHMpn5kBEqyoaXkM56x3l3Wi0kg0Juv71QtXo5M4ZJYxouKdcrKfevYTRNm6DE0hTbJnyj7Bh4EYbmruGdSWE970xkcFJxcgak0j4rneRX5G1E/xN27M42OOLmZCe8O6l3nksD0XGOqBPqOSEP3pYCNAYMncpSGnit56fUX+yszfMjGP3DVSUFZKtXbqwt/S0VpBi5BQbbD57R8DKenQsPfln91tgGopmXP66vZ4yWRUzs/mqHxcez3FcgHHXc6AbEJ6GOSVd9t+BCUW5kVY0aYO301PJczvB3zfsI6qebjS6BFTvMp8SqK532ZRnXEMgs/5gc9cfxpDsgvk=",
    e: "AQAB"
}

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论