python jwt amazon-cognito flask-jwt-extended

flask_jwt_extended giving "jwt.exceptions.InvalidSignatureError: Signature verification failed" error


I am using AWS Cognito to sign in a user and retrieve the authorization and refresh token response. I am able to successfully authenticate, retrieve the tokens, and decode the tokens. I verify the tokens are decoded on https://jwt.io/.

However, when I use flask_jwt_extended.set_access_cookies() with the access_token returned from Cognito, I get an error saying

jwt.exceptions.InvalidSignatureError: Signature verification failed

The login code that sets the access token is below.

import os
import boto3
from flask import Flask, request, make_response, redirect, render_template
from flask_jwt_extended import set_access_cookies

app = Flask(__name__)

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

        auth_response = boto3.client('cognito-idp').admin_initiate_auth(
            UserPoolId=os.environ['AWS_COGNITO_USER_POOL_ID'],
            ClientId=os.environ['APP_CLIENT_ID'],
            AuthFlow='ADMIN_NO_SRP_AUTH',
            AuthParameters={
                'USERNAME': username,
                'PASSWORD': password
            }
        )

        response = make_response(redirect('login_success', 302))
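        # admin_initiate_auth nests the tokens under 'AuthenticationResult'
        access_token = auth_response['AuthenticationResult']['AccessToken']
        set_access_cookies(response, access_token, max_age=15)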

        return response

    return render_template('login.html')

Solution

  • The issue was that the public key being set was from a previously deleted Cognito pool; it needed to be updated to the current one.
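
A stale verification key like the one described in the solution can be caught before any signature check by comparing the token's `iss` and `kid` with the pool the application is configured for. The following is an added example, not code from the original post; `check_token_against_pool`, the pool IDs, the key IDs and the sample token are constructed for illustration, and the JWKS dictionaries stand in for what a pool publishes at `https://cognito-idp.<region>.amazonaws.com/<userPoolId>/.well-known/jwks.json`.

```python
import base64
import json

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def _b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_token_against_pool(token, jwks, region, user_pool_id):
    """Return reasons why the configured pool's keys cannot verify this token.

    Header and claims are read WITHOUT verification: diagnostic use only,
    never a basis for authorizing a request.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected 3 dot-separated segments)"]
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    problems = []
    expected_iss = f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"
    if claims.get("iss") != expected_iss:
        problems.append(f"iss {claims.get('iss')!r} != configured pool {expected_iss!r}")
    known = {k["kid"]: k for k in jwks.get("keys", [])}
    key = known.get(header.get("kid"))
    if key is None:
        problems.append(f"kid {header.get('kid')!r} not in configured JWKS {sorted(known)}")
    elif key.get("alg") != header.get("alg"):
        problems.append(f"alg {header.get('alg')!r} != key alg {key.get('alg')!r}")
    return problems

# Constructed sample data: key sets of a deleted pool and of the current pool,
# plus an unsigned token shaped like one issued by the current pool.
OLD_POOL_JWKS = {"keys": [{"kid": "old-key-1", "alg": "RS256", "kty": "RSA"}]}
CURRENT_POOL_JWKS = {"keys": [{"kid": "cur-key-1", "alg": "RS256", "kty": "RSA"}]}
SAMPLE_TOKEN = ".".join([
    _b64url({"kid": "cur-key-1", "alg": "RS256"}),
    _b64url({"iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_CURRENT01",
             "token_use": "access"}),
    "c2ln",  # placeholder signature segment, never verified here
])
```

An empty list means the key configuration lines up with the token's issuer; the signature still has to be verified by the JWT library with the matching public key.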