"use strict";
const { CognitoJwtVerifier } = require("aws-jwt-verify");
const { assertStringEquals } = require("aws-jwt-verify/assert");
/**
 * Extra claim check run by the verifier: the token's `email` claim must equal
 * the address configured in USER_EMAIL. assertStringEquals throws on mismatch,
 * which makes verification fail.
 *
 * NOTE(review): only the `email` claim is compared; `email_verified` is not
 * checked here. Confirm the user pool does not let users set or change an
 * unverified e-mail address, otherwise this check can be satisfied by an
 * address the caller does not control.
 */
const requireConfiguredEmail = ({ payload }) => {
  assertStringEquals("e-mail", payload["email"], process.env.USER_EMAIL);
};

// Module-scope verifier, created once and reused by the handler.
// Accepts only Cognito ID tokens (tokenUse: "id") for the user pool and
// app client named in the environment.
const jwtVerifier = CognitoJwtVerifier.create({
  userPoolId: process.env.USER_POOL_ID,
  tokenUse: "id",
  clientId: process.env.CLIENT_ID,
  customJwtCheck: requireConfiguredEmail,
});
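/**
 * Authorizer entry point: verifies the JWT from the `authorization` request
 * header and reports whether the request is allowed.
 *
 * Fails closed: a missing header, a non-string header value or any
 * verification error yields `{ isAuthorized: false }`.
 *
 * @param {object} event - Invocation event; the token is read from
 *   `event.headers.authorization`.
 * @returns {Promise<{isAuthorized: boolean}>} Authorization decision.
 */
exports.handler = async (event) => {
  // The event carries the caller's bearer token. Writing it to the logs would
  // hand a replayable credential to anyone with log read access, so redact it
  // before serializing. `identitySource` is included because authorizer events
  // may repeat the token there (assumption - confirm against the event format
  // in use).
  const credentialKeys = ["authorization", "identitysource"];
  const redactCredentials = (key, value) =>
    credentialKeys.includes(key.toLowerCase()) ? "[REDACTED]" : value;
  console.log("request:", JSON.stringify(event, redactCredentials, 2));

  // Optional chaining: an event without headers is denied instead of
  // throwing a TypeError before the try block.
  const jwt = event?.headers?.authorization;
  if (typeof jwt !== "string" || jwt.length === 0) {
    console.error("Access forbidden: no JWT in authorization header");
    return { isAuthorized: false };
  }

  try {
    const payload = await jwtVerifier.verify(jwt);
    // Log only the subject identifier; the full ID token payload holds
    // personal data (e.g. the e-mail address) that does not belong in logs.
    console.log("Access allowed. JWT subject:", payload.sub);
  } catch (err) {
    console.error("Access forbidden:", err);
    return { isAuthorized: false };
  }

  return { isAuthorized: true };
};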