Hi, I implemented cognito-express in my macOS environment. Then the devs on my team pulled the changes into Ubuntu on Windows and Windows PowerShell and kept getting "could not get certificate" errors from the request-promise call in the init method.
Their laptops have more security features than my mac and for some reason, this library was not working for us on all operating systems/setups. I modified the source code to use shelljs + a curl command to get the certificates instead, and now it works on all of our operating systems.
I just wanted to mention this in case anyone else runs into this issue. Also, I think it could be useful to add this logic to the library as an optional strategy in case others also have trouble using this library across multiple systems.
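'use strict';

const jwkToPem = require('jwk-to-pem');
const jwt = require('jsonwebtoken');
const shelljs = require('shelljs');

// region and cognitoUserPoolId are interpolated into a shell command line in
// init(), so both are restricted to a conservative character set first.
const REGION_PATTERN = /^[a-z0-9-]+$/;
const USER_POOL_ID_PATTERN = /^[\w-]+_[0-9a-zA-Z]+$/;

/**
 * Validates Amazon Cognito JWTs against the signing keys published by a
 * user pool. The JWKS document is fetched once, at construction time, by
 * running `curl` through shelljs.
 */
class CognitoExpress {
  /**
   * @param {object} config
   * @param {string} config.region - AWS region of the user pool.
   * @param {string} config.cognitoUserPoolId - User pool identifier.
   * @param {'access'|'id'} config.tokenUse - Token type to accept.
   * @param {number|string} [config.tokenExpiration] - Passed to jsonwebtoken as `maxAge`.
   * @throws {TypeError} When the configuration is missing or malformed.
   */
  constructor(config) {
    if (!config)
      throw new TypeError(
        'Options not found. Please refer to README for usage example at https://github.com/ghdna/cognito-express',
      );

    if (configurationIsCorrect(config)) {
      this.userPoolId = config.cognitoUserPoolId;
      this.tokenUse = config.tokenUse;
      // NOTE(review): jsonwebtoken reads a numeric maxAge as seconds, so this
      // default is roughly 1000 hours rather than one hour - confirm the
      // intended unit. The token's own `exp` claim is still enforced by
      // jwt.verify().
      this.tokenExpiration = config.tokenExpiration || 3600000;
      this.iss = `https://cognito-idp.${config.region}.amazonaws.com/${this.userPoolId}`;
      this.promise = this.init((callback) => {});
      // Mark the promise as handled so a failed key fetch does not surface as
      // an unhandled rejection before validate() is first called; validate()
      // still observes the rejection through its own handlers.
      this.promise.catch(() => {});
    }
  }

  /**
   * Downloads the user pool's JWKS and converts every key to PEM, stored in
   * `this.pems` by key id.
   *
   * @param {function(boolean): void} callback - Called with true on success, false on failure.
   * @returns {Promise<boolean>} Resolves true once keys are loaded; rejects with an Error otherwise.
   */
  init(callback) {
    return new Promise((resolve, reject) => {
      // Reject with a real Error: a bare `false` would reach validate()
      // callers as a falsy "err", which reads as success.
      const fail = (reason) => {
        callback(false);
        reject(new Error(`Unable to load Cognito signing keys: ${reason}`));
      };

      const jwksUrl = `${this.iss}/.well-known/jwks.json`;
      // --fail makes HTTP error statuses a non-zero exit instead of an error
      // body on stdout. The completion callback receives the whole output, so
      // a response delivered in several chunks is parsed once, and a curl
      // failure settles the promise instead of leaving it pending.
      shelljs.exec(
        `curl --fail --silent --show-error "${jwksUrl}"`,
        { async: true, silent: true },
        (code, stdout, stderr) => {
          if (code !== 0) {
            fail(`curl exited with code ${code}: ${String(stderr).trim()}`);
            return;
          }

          try {
            const response = JSON.parse(stdout);
            if (!response || !Array.isArray(response.keys)) {
              fail('JWKS response has no "keys" array');
              return;
            }

            // Null-prototype map: a token-supplied kid such as "constructor"
            // must not resolve to an inherited Object.prototype member.
            const pems = Object.create(null);
            for (const key of response.keys) {
              pems[key.kid] = jwkToPem({ kty: key.kty, n: key.n, e: key.e });
            }
            this.pems = pems;
          } catch (error) {
            fail(error.message);
            return;
          }

          callback(true);
          resolve(true);
        },
      );
    });
  }

  /**
   * Verifies a token against the loaded user pool keys.
   *
   * @param {string} token - Encoded JWT.
   * @param {function(*, ?object): void} [callback] - Node-style callback. Pre-verification
   *   failures are reported as a message string, jsonwebtoken failures as the error object.
   * @returns {Promise<object>|undefined} The verified payload when no callback is given.
   */
  validate(token, callback) {
    const pending = this.promise.then(() => {
      let params;
      try {
        // jwt.decode() does not check the signature. The claims read here only
        // select the key and fail fast; jwt.verify() below is what
        // authenticates the token.
        const decodedJwt = jwt.decode(token, { complete: true });
        if (!decodedJwt) throw new TypeError('Not a valid JWT token');

        if (decodedJwt.payload.iss !== this.iss)
          throw new TypeError('token is not from your User Pool');

        if (decodedJwt.payload.token_use !== this.tokenUse)
          throw new TypeError(`Not an ${this.tokenUse} token`);

        const pem = this.pems[decodedJwt.header.kid];
        if (!pem) throw new TypeError(`Invalid ${this.tokenUse} token`);

        params = {
          token,
          pem,
          iss: this.iss,
          maxAge: this.tokenExpiration,
        };
      } catch (err) {
        if (!callback) throw err;
        callback(err.message, null);
        return undefined;
      }

      if (callback) {
        jwtVerify(params, callback);
        return undefined;
      }

      return new Promise((resolve, reject) => {
        jwtVerify(params, (err, result) => {
          if (err) {
            reject(err);
          } else {
            resolve(result);
          }
        });
      });
    });

    // Promise mode: hand the rejection to the caller unchanged. Routing it
    // through an undefined callback would replace the real error with
    // "callback is not a function".
    if (!callback) {
      return pending;
    }

    pending.catch((e) => callback(e?.message || e, null));
    return undefined;
  }
}

/**
 * Checks the constructor options.
 *
 * @param {object} config - Options passed to the CognitoExpress constructor.
 * @returns {boolean} true when every check passes.
 * @throws {TypeError} On the first missing or malformed option.
 */
function configurationIsCorrect(config) {
  if (!config.region) {
    throw new TypeError('AWS Region not specified in constructor');
  }
  if (!config.cognitoUserPoolId) {
    throw new TypeError('Cognito User Pool ID is not specified in constructor');
  }
  if (!config.tokenUse) {
    throw new TypeError(
      "Token use not specified in constructor. Possible values 'access' | 'id'",
    );
  }
  if (config.tokenUse !== 'access' && config.tokenUse !== 'id') {
    throw new TypeError(
      "Token use values not accurate in the constructor. Possible values 'access' | 'id'",
    );
  }
  // Both values end up inside a shell command line, so anything outside the
  // expected identifier characters is refused here.
  if (typeof config.region !== 'string' || !REGION_PATTERN.test(config.region)) {
    throw new TypeError('AWS Region contains unexpected characters');
  }
  if (
    typeof config.cognitoUserPoolId !== 'string' ||
    !USER_POOL_ID_PATTERN.test(config.cognitoUserPoolId)
  ) {
    throw new TypeError('Cognito User Pool ID contains unexpected characters');
  }
  return true;
}

/**
 * Thin wrapper around jwt.verify().
 *
 * @param {{token: string, pem: string, iss: string, maxAge: (number|string)}} params
 * @param {function(?Error, ?object): void} callback - Receives (err, null) or (null, payload).
 */
function jwtVerify(params, callback) {
  jwt.verify(
    params.token,
    params.pem,
    {
      // Cognito signs user pool tokens with RS256; pinning the algorithm keeps
      // the token header from choosing how it is verified.
      algorithms: ['RS256'],
      issuer: params.iss,
      maxAge: params.maxAge,
    },
    (err, payload) => {
      if (err) return callback(err, null);
      return callback(null, payload);
    },
  );
}

module.exports = CognitoExpress;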
Hi, I implemented cognito-express in my macOS environment. Then the devs on my team pulled the changes into Ubuntu on Windows and Windows PowerShell and kept getting "could not get certificate" errors from the request-promise call in the init method.
Their laptops have more security features than my mac and for some reason, this library was not working for us on all operating systems/setups. I modified the source code to use shelljs + a curl command to get the certificates instead, and now it works on all of our operating systems.
I just wanted to mention this in case anyone else runs into this issue. Also, I think it could be useful to add this logic to the library as an optional strategy in case others also have trouble using this library across multiple systems.