I am using AWS Cognito to sign in a user and retrieve the authorization and refresh token response. I am able to successfully authenticate, retrieve the tokens, and decode the tokens. I verify the tokens are decoded on https://jwt.io/.

However, when I use flask_jwt_extended.set_access_cookies() with the access_token returned from Cognito, I get an error saying:

jwt.exceptions.InvalidSignatureError: Signature verification failed

The login and code setting the access token is below.

    import os

    import boto3
    from flask import Flask, request, make_response, redirect, render_template
    from flask_jwt_extended import set_access_cookies

    app = Flask(__name__)


    @app.route('/login', methods=['GET', 'POST'])
    def login():
        if request.method == 'POST':
            username = request.form['username']
            password = request.form['password']
            # Authenticate against the Cognito user pool with the admin flow.
            auth_response = boto3.client('cognito-idp').admin_initiate_auth(
                UserPoolId=os.environ['AWS_COGNITO_USER_POOL_ID'],
                ClientId=os.environ['APP_CLIENT_ID'],
                AuthFlow='ADMIN_NO_SRP_AUTH',
                AuthParameters={
                    'USERNAME': username,
                    'PASSWORD': password
                }
            )
            # boto3 nests the tokens under 'AuthenticationResult'.
            access_token = auth_response['AuthenticationResult']['AccessToken']
            response = make_response(redirect('login_success', 302))
            set_access_cookies(response, access_token, max_age=15)
            return response
        return render_template('login.html')

The issue was that the public key being set was from a previously deleted Cognito pool and needed to be updated to the current one.
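
Added example (not part of the original post): a way to confirm this kind of mismatch by comparing the token's `iss` claim and `kid` header against the configured pool and key set. The function name, pool ids, key ids and sample token are constructed placeholders; the token is only read for diagnosis, never trusted.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url JWT segment (header or payload) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def diagnose_key_mismatch(token, region, user_pool_id, jwks):
    """Return reasons the configured pool/JWKS cannot verify this token.

    Hypothetical helper: nothing is verified cryptographically here. The
    segments are read only to explain an InvalidSignatureError.
    """
    header_b64, payload_b64, _signature = token.split(".")
    header = _b64url_json(header_b64)
    claims = _b64url_json(payload_b64)
    problems = []
    # Cognito issuer format: https://cognito-idp.<region>.amazonaws.com/<poolId>
    expected_iss = f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"
    if claims.get("iss") != expected_iss:
        problems.append(f"iss {claims.get('iss')!r} != configured {expected_iss!r}")
    known_kids = {key["kid"] for key in jwks.get("keys", [])}
    if header.get("kid") not in known_kids:
        problems.append(f"kid {header.get('kid')!r} not in configured JWKS")
    return problems


def _enc(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample data: pool ids, key ids and the signature are placeholders.
CURRENT_POOL = "us-east-1_CURRENT00"
DELETED_POOL = "us-east-1_DELETED00"
ISSUER = f"https://cognito-idp.us-east-1.amazonaws.com/{CURRENT_POOL}"
SAMPLE_TOKEN = ".".join([
    _enc({"alg": "RS256", "kid": "current-key-1"}),
    _enc({"iss": ISSUER, "token_use": "access"}),
    "c2lnbmF0dXJl",  # placeholder, not a real signature
])
STALE_JWKS = {"keys": [{"kid": "deleted-key-1", "kty": "RSA"}]}
CURRENT_JWKS = {"keys": [{"kid": "current-key-1", "kty": "RSA"}]}

if __name__ == "__main__":
    print(diagnose_key_mismatch(SAMPLE_TOKEN, "us-east-1", DELETED_POOL, STALE_JWKS))
    print(diagnose_key_mismatch(SAMPLE_TOKEN, "us-east-1", CURRENT_POOL, CURRENT_JWKS))
```

In a real deployment the key set is the pool's `/.well-known/jwks.json` document under the issuer URL, and the token is still verified with that key after the configuration is corrected.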