AWS Lambda Custom JWT Validation

I've built a script that first validates a JWT and then extracts the user's unique ID (the "sub" claim).

In a non-Lambda environment the script works fine; however, when it runs in AWS Lambda I get the following error message.

What could be the problem?

Unexpected error during JWT validation: Unable to find an algorithm for key: {'alg': 'RS256', 'e': 'AQAB', 'kid': 'dmAQX7bVDINFkTGxZc5YCxF5ZA/pcaRsQMUoBbRt4bw=', 'kty': 'RSA', 'n': 'u9hHbyMaI-PWsTG9MtaHjxwBmMez6VeV-ScqIgllBUSQkx8Ao...vGUIG39rb3nPmNVCunBw', 'use': 'sig'}

This is my AWS Lambda code:

Code:
import json
import os
import requests
from jose import jwt, jwk

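def get_efs_keys(file_name="/mnt/efs/jwks.json"):
    """Load the Cognito JWKS cached on EFS and return its list of keys.

    The file at ``file_name`` is expected to be a copy of the document served at
    https://cognito-idp.<Region>.amazonaws.com/<userPoolId>/.well-known/jwks.json
    (a JSON object with a top-level ``"keys"`` array). Caching it on EFS avoids a
    network fetch per invocation, but the copy must be refreshed whenever the
    user pool's signing keys rotate, otherwise every token stops validating.

    Args:
        file_name: Path of the cached JWKS document.

    Returns:
        The ``"keys"`` list from the document (only JSON-object entries are
        kept, since validate_jwt() indexes each entry by ``'kid'``), or ``[]``
        when the file is missing, unreadable, not valid JSON, or not shaped
        like a JWKS. An empty list means no ``kid`` can match, so a broken
        cache fails closed (tokens are rejected) rather than open.
    """
    try:
        with open(file_name, "r", encoding="utf-8") as fh:
            jwks_data = json.load(fh)
    except (OSError, ValueError) as exc:
        # OSError: EFS not mounted, file missing, or permissions.
        # ValueError: covers json.JSONDecodeError (and bad encoding).
        # Anything else is a programming error and should surface.
        print(f"An error occurred while fetching keys: {exc}")
        return []

    if not isinstance(jwks_data, dict):
        print(f"An error occurred while fetching keys: {file_name} is not a JWKS object")
        return []

    keys = jwks_data.get("keys", [])
    if not isinstance(keys, list):
        print(f"An error occurred while fetching keys: 'keys' in {file_name} is not a list")
        return []

    return [entry for entry in keys if isinstance(entry, dict)]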

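def validate_jwt(jwt_token, keys, issuer=None):
    """Verify an RS256 JWT against the JWKS entries in ``keys`` and return its ``sub``.

    Args:
        jwt_token: Compact-serialised JWT (without the ``"Bearer "`` prefix),
            or a falsy value when no token was supplied.
        keys: JWK dicts as returned by get_efs_keys(); the signing key is
            selected by matching the token header's ``kid``.
        issuer: Optional expected ``iss`` value, for Cognito
            ``https://cognito-idp.<Region>.amazonaws.com/<userPoolId>``.
            When given it is enforced by jwt.decode(); when None the issuer
            is not checked (the previous behaviour).

    Returns:
        ``(True, sub)`` when the signature, expiry and audience checks pass;
        ``(True, False)`` for a validly signed token that has no ``sub``;
        ``(False, False)`` for a missing token, unknown/missing ``kid``,
        or any verification failure. Failures are printed, never raised.
    """
    if not jwt_token:
        return False, False

    try:
        # The header is read unverified only to choose the key. Nothing in it
        # other than 'kid' is trusted: the algorithm is pinned to RS256 below
        # instead of being taken from the token (blocks alg-confusion/'none').
        headers = jwt.get_unverified_headers(jwt_token)
        kid = headers.get("kid")
        if not kid:
            return False, False

        # .get() so a JWKS entry without 'kid' is skipped instead of raising.
        key = next((entry for entry in keys if entry.get("kid") == kid), None)
        if key is None:
            return False, False

        # NOTE(review): jwk.construct() raises JWKError("Unable to find an
        # algorithm for key: ...") when python-jose cannot import an RSA
        # backend at runtime (neither `cryptography` nor `rsa` is present in
        # the deployment package/layer for Lambda's platform). JWKError is not
        # a JWTError, so it lands in the generic handler below. Confirm the
        # backend is bundled if that message appears.
        public_key = jwk.construct(key)

        decode_kwargs = {
            "algorithms": ["RS256"],
            "audience": os.environ.get("APP_CLIENT_ID"),
        }
        if issuer is not None:
            decode_kwargs["issuer"] = issuer
        decoded_token = jwt.decode(jwt_token, public_key, **decode_kwargs)

        # NOTE(security): python-jose compares `audience` only against an
        # `aud` claim that is present; a token with no `aud` passes this check
        # regardless of APP_CLIENT_ID. Cognito access tokens carry `client_id`
        # rather than `aud`, so if access tokens are expected, compare
        # decoded_token.get("client_id") and check `token_use` as well
        # -- confirm against the python-jose version in use.
        return True, decoded_token.get("sub", False)
    except jwt.JWTError as exc:
        print(f"JWT token validation error: {exc}")
        return False, False
    except Exception as exc:
        print(f"Unexpected error during JWT validation: {exc}")
        return False, False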

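def lambda_handler(event, context):
    """Validate the request's bearer token and report the outcome.

    Args:
        event: Lambda event. Only ``event["headers"]`` is read; it may be
            absent or None (API Gateway sends ``null`` when there are none).
        context: Lambda context object (unused).

    Returns:
        An API-Gateway-style response with status 200 whose JSON body has
        ``jwt_valid`` (bool), ``sub`` (user id, or False) and ``access_token``.
    """
    headers = event.get("headers") or {}

    # HTTP header names are case-insensitive and API Gateway HTTP APIs deliver
    # them lower-cased ("authorization"), so match the name case-insensitively.
    authorization_header = next(
        (
            value
            for name, value in headers.items()
            if isinstance(name, str) and name.lower() == "authorization"
        ),
        "",
    ) or ""

    # Accept only the Bearer scheme (case-insensitive) and drop padding;
    # a bare "Bearer " with nothing after it counts as no token.
    if authorization_header.lower().startswith("bearer "):
        access_token = authorization_header[7:].strip() or None
    else:
        access_token = None

    # Keys come from the JWKS cached on EFS; an empty list rejects everything.
    keys = get_efs_keys()
    jwt_valid, sub = validate_jwt(access_token, keys)

    # NOTE(security): echoing the bearer token back in the body puts a live
    # credential into API Gateway/CloudWatch access logs, browser caches and
    # any intermediary. It is kept only because the existing response contract
    # includes it; drop it once callers no longer need it.
    response_body = {
        "access_token": access_token,
        "jwt_valid": jwt_valid,
        "sub": sub,
    }

    return {
        "statusCode": 200,
        "headers": {
            "Content-Type": "application/json",
            # The body carries the token, so forbid caching of the response.
            "Cache-Control": "no-store",
        },
        "body": json.dumps(response_body),
    }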

When validation succeeds, "jwt_valid" should be True and "sub" should hold the user's unique ID.
<hr />
<p>I've built a script that first validates a JWT and then extracts the user's unique ID (the "sub" claim).</p>
<p>In a non-Lambda environment the script works fine; however, when it runs in AWS Lambda I get the following error message.</p>
<p><strong>What could be the problem?</strong></p>
<p><code>Unexpected error during JWT validation: Unable to find an algorithm for key: {'alg': 'RS256', 'e': 'AQAB', 'kid': 'dmAQX7bVDINFkTGxZc5YCxF5ZA/pcaRsQMUoBbRt4bw=', 'kty': 'RSA', 'n': 'u9hHbyMaI-PWsTG9MtaHjxwBmMez6VeV-ScqIgllBUSQkx8Ao...vGUIG39rb3nPmNVCunBw', 'use': 'sig'}</code></p>
<p>This is my AWS Lambda code:</p>
<pre><code>import json
import os
import requests
from jose import jwt, jwk

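def get_efs_keys(file_name="/mnt/efs/jwks.json"):
    """Load the Cognito JWKS cached on EFS and return its list of keys.

    The file at ``file_name`` is expected to be a copy of the document served at
    https://cognito-idp.<Region>.amazonaws.com/<userPoolId>/.well-known/jwks.json
    (a JSON object with a top-level ``"keys"`` array). Caching it on EFS avoids a
    network fetch per invocation, but the copy must be refreshed whenever the
    user pool's signing keys rotate, otherwise every token stops validating.

    Args:
        file_name: Path of the cached JWKS document.

    Returns:
        The ``"keys"`` list from the document (only JSON-object entries are
        kept, since validate_jwt() indexes each entry by ``'kid'``), or ``[]``
        when the file is missing, unreadable, not valid JSON, or not shaped
        like a JWKS. An empty list means no ``kid`` can match, so a broken
        cache fails closed (tokens are rejected) rather than open.
    """
    try:
        with open(file_name, "r", encoding="utf-8") as fh:
            jwks_data = json.load(fh)
    except (OSError, ValueError) as exc:
        # OSError: EFS not mounted, file missing, or permissions.
        # ValueError: covers json.JSONDecodeError (and bad encoding).
        # Anything else is a programming error and should surface.
        print(f"An error occurred while fetching keys: {exc}")
        return []

    if not isinstance(jwks_data, dict):
        print(f"An error occurred while fetching keys: {file_name} is not a JWKS object")
        return []

    keys = jwks_data.get("keys", [])
    if not isinstance(keys, list):
        print(f"An error occurred while fetching keys: 'keys' in {file_name} is not a list")
        return []

    return [entry for entry in keys if isinstance(entry, dict)]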

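def validate_jwt(jwt_token, keys, issuer=None):
    """Verify an RS256 JWT against the JWKS entries in ``keys`` and return its ``sub``.

    Args:
        jwt_token: Compact-serialised JWT (without the ``"Bearer "`` prefix),
            or a falsy value when no token was supplied.
        keys: JWK dicts as returned by get_efs_keys(); the signing key is
            selected by matching the token header's ``kid``.
        issuer: Optional expected ``iss`` value, for Cognito
            ``https://cognito-idp.<Region>.amazonaws.com/<userPoolId>``.
            When given it is enforced by jwt.decode(); when None the issuer
            is not checked (the previous behaviour).

    Returns:
        ``(True, sub)`` when the signature, expiry and audience checks pass;
        ``(True, False)`` for a validly signed token that has no ``sub``;
        ``(False, False)`` for a missing token, unknown/missing ``kid``,
        or any verification failure. Failures are printed, never raised.
    """
    if not jwt_token:
        return False, False

    try:
        # The header is read unverified only to choose the key. Nothing in it
        # other than 'kid' is trusted: the algorithm is pinned to RS256 below
        # instead of being taken from the token (blocks alg-confusion/'none').
        headers = jwt.get_unverified_headers(jwt_token)
        kid = headers.get("kid")
        if not kid:
            return False, False

        # .get() so a JWKS entry without 'kid' is skipped instead of raising.
        key = next((entry for entry in keys if entry.get("kid") == kid), None)
        if key is None:
            return False, False

        # NOTE(review): jwk.construct() raises JWKError("Unable to find an
        # algorithm for key: ...") when python-jose cannot import an RSA
        # backend at runtime (neither `cryptography` nor `rsa` is present in
        # the deployment package/layer for Lambda's platform). JWKError is not
        # a JWTError, so it lands in the generic handler below. Confirm the
        # backend is bundled if that message appears.
        public_key = jwk.construct(key)

        decode_kwargs = {
            "algorithms": ["RS256"],
            "audience": os.environ.get("APP_CLIENT_ID"),
        }
        if issuer is not None:
            decode_kwargs["issuer"] = issuer
        decoded_token = jwt.decode(jwt_token, public_key, **decode_kwargs)

        # NOTE(security): python-jose compares `audience` only against an
        # `aud` claim that is present; a token with no `aud` passes this check
        # regardless of APP_CLIENT_ID. Cognito access tokens carry `client_id`
        # rather than `aud`, so if access tokens are expected, compare
        # decoded_token.get("client_id") and check `token_use` as well
        # -- confirm against the python-jose version in use.
        return True, decoded_token.get("sub", False)
    except jwt.JWTError as exc:
        print(f"JWT token validation error: {exc}")
        return False, False
    except Exception as exc:
        print(f"Unexpected error during JWT validation: {exc}")
        return False, False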

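def lambda_handler(event, context):
    """Validate the request's bearer token and report the outcome.

    Args:
        event: Lambda event. Only ``event["headers"]`` is read; it may be
            absent or None (API Gateway sends ``null`` when there are none).
        context: Lambda context object (unused).

    Returns:
        An API-Gateway-style response with status 200 whose JSON body has
        ``jwt_valid`` (bool), ``sub`` (user id, or False) and ``access_token``.
    """
    headers = event.get("headers") or {}

    # HTTP header names are case-insensitive and API Gateway HTTP APIs deliver
    # them lower-cased ("authorization"), so match the name case-insensitively.
    authorization_header = next(
        (
            value
            for name, value in headers.items()
            if isinstance(name, str) and name.lower() == "authorization"
        ),
        "",
    ) or ""

    # Accept only the Bearer scheme (case-insensitive) and drop padding;
    # a bare "Bearer " with nothing after it counts as no token.
    if authorization_header.lower().startswith("bearer "):
        access_token = authorization_header[7:].strip() or None
    else:
        access_token = None

    # Keys come from the JWKS cached on EFS; an empty list rejects everything.
    keys = get_efs_keys()
    jwt_valid, sub = validate_jwt(access_token, keys)

    # NOTE(security): echoing the bearer token back in the body puts a live
    # credential into API Gateway/CloudWatch access logs, browser caches and
    # any intermediary. It is kept only because the existing response contract
    # includes it; drop it once callers no longer need it.
    response_body = {
        "access_token": access_token,
        "jwt_valid": jwt_valid,
        "sub": sub,
    }

    return {
        "statusCode": 200,
        "headers": {
            "Content-Type": "application/json",
            # The body carries the token, so forbid caching of the response.
            "Cache-Control": "no-store",
        },
        "body": json.dumps(response_body),
    }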
</code></pre>
<p>When validation succeeds, "jwt_valid" should be True and "sub" should hold the user's unique ID.</p>
 

Latest posts

C
Replies
0
Views
1
CameronBaba
C
A
Replies
0
Views
1
Adembilal Bilal
A
F
Replies
0
Views
1
Farhan Muhammad
F
Top