1

We currently have a .NET Core 3.1 app that uses AWS Cognito to log in - that works all fine.

However, we are struggling to get an access token (JWT) which we can then pass on to a request to a Lambda function. All the guides I find seem to be either outdated or missing something crucial.

It would be great if we could get the token automatically but then also retrieve it on demand from user claims or similar. We can then add the Bearer token to the request header calling a Lambda function via the API Gateway.

Below is what I have, but I have two issues:

  1. It doesn't provide an error if I purposely give it false information. Is this correct?
  2. I don't know how to get the token from a PageModel so that I can add the token to a header before making a GET request to a Lambda function.

Updated version

Liam

2 Answers

0

You can't really supply the key here because AWS will change it frequently. The solution is to have the code look it up dynamically. This answer to a similar question should help you out.

Jason Wadsworth
  • Thanks! I'll give that a look first thing in the morning. – Liam Feb 20 '20 at 02:28
  • On the example on the link they are using nodejs. Is there a way to get the bearer token via a c# controller please? – Liam Feb 20 '20 at 02:35
  • Are you looking for how to get the bearer token on the server? – Jason Wadsworth Feb 20 '20 at 03:01
  • Possibly yes, not sure what best practice is to be honest. We currently use 'Pages' so that each cshtml page has a .cs page with it with all the C#. That will then be sending a GET/POST/PUT, etc. request to the Lambda function with the correct headers including the access token. – Liam Feb 20 '20 at 04:54
  • The token should be in the authorization request header. The question for me is around what you intend to do with it. The referenced solution is about validating that token as a part of the request, so the user will get a 401 response if the token is not valid, or not verifiable. Once you are past that the `Request.User` will have identity information about the user. – Jason Wadsworth Feb 20 '20 at 19:21
0

In the end it just required one line in the pages controller.

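    // Needs: using Microsoft.AspNetCore.Authentication; using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    var it = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.IdToken);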

Then the result of that can be put into a request Authorisation header.

Liam
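The approach from the answer above, shown in a full Razor Pages handler. This is an added example, not code from the original posts. The class name `ItemsModel`, the `Body` property and the API URL are placeholders, and it assumes the OpenID Connect handler was registered with `options.SaveTokens = true` and that `services.AddHttpClient()` was called in `Startup`.

```csharp
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical page model; name and URL are placeholders, not from the original post.
// Assumption: AddOpenIdConnect(...) sets options.SaveTokens = true. Without it,
// GetTokenAsync returns null because no tokens are stored in the authentication ticket.
[Authorize]
public class ItemsModel : PageModel
{
    private const string ApiUrl = "https://api.example.com/items"; // placeholder API Gateway URL
    private readonly IHttpClientFactory _clients;

    public ItemsModel(IHttpClientFactory clients) => _clients = clients;

    public string Body { get; private set; }

    public async Task<IActionResult> OnGetAsync()
    {
        // Saved tokens live in the authentication ticket, not in User.Claims.
        var token = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.IdToken);
        if (string.IsNullOrEmpty(token))
        {
            return Challenge(); // no stored token: send the user back through sign-in
        }

        using var request = new HttpRequestMessage(HttpMethod.Get, ApiUrl);
        // Set the header on this request only. DefaultRequestHeaders on a shared
        // HttpClient could send one user's token with another user's request.
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

        using var response = await _clients.CreateClient().SendAsync(request);
        if (response.StatusCode == HttpStatusCode.Unauthorized)
        {
            return Challenge(); // the API rejected the token (expired or not verifiable)
        }
        response.EnsureSuccessStatusCode();

        Body = await response.Content.ReadAsStringAsync();
        return Page();
    }
}
```

Whether the API expects the ID token or the access token depends on how its authorizer is configured; to send the access token instead, pass `OpenIdConnectParameterNames.AccessToken` to `GetTokenAsync`.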