// The snippet relies on the amazon-cognito-identity-js client and on a poolData
// object that is not shown; both are added here (pool values assumed to come
// from the environment).
const AmazonCognitoIdentity = require('amazon-cognito-identity-js');
const poolData = {
    UserPoolId: process.env.COGNITO_USER_POOL_ID, // assumed
    ClientId: process.env.COGNITO_CLIENT_ID,      // assumed
};

exports.signIn = (body) => {
    return new Promise((resolve, reject) => {
        // Credentials supplied by the caller (SRP auth is handled by the SDK)
        const authenticationData = {
            Username: body['username'],
            Password: body['password'],
        };
        const authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
        const userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
        const userData = {
            Username: body['username'],
            Pool: userPool,
        };
        const cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
        cognitoUser.authenticateUser(authenticationDetails, {
            onSuccess: (result) => {
                // Return the three Cognito-issued tokens as-is; they are signed
                // by Cognito and cannot be modified by this code.
                resolve({
                    "status": 1, "message": "user signed in successfully", "data": {
                        "idToken": result.getIdToken().getJwtToken(),
                        "accessToken": result.getAccessToken().getJwtToken(),
                        "refreshToken": result.getRefreshToken().getToken()
                    }
                });
            },
            onFailure: (error) => {
                // Map SDK error codes to user-facing messages; a generic message
                // for bad credentials avoids revealing whether the user exists.
                let message = "User sign in failed " + error;
                let status = 0;
                if (error.code === 'NotAuthorizedException') {
                    message = "Incorrect username or password";
                } else if (error.code === 'UserNotConfirmedException') {
                    message = "User confirmation pending with OTP";
                    status = 2;
                }
                reject({ "status": status, "message": message });
            },
        });
    });
};

I need to add custom data inside the id token. The data is dynamic, so I cannot add it as a custom field in the Cognito user details. The exact requirement is: just before creating the id token, I need to fetch the data from the database and include it in the JWT id token.


1 Answer


If you want a cognito jwt token, it's not possible at the moment.

In order to add data to a JWT id token, you need to decode the token, add the data, and encode the updated data. However, in order to encode the updated data, you would need the private key that AWS Cognito uses, and there is no way to get it or to use your own private key at the moment, to my knowledge.

An alternative method would be to use your own private key when you encode the updated data. Yet, the token would not be a Cognito JWT anymore and could cause problems in other parts of your app.

Therefore, my suggestion is to pass the data separately instead of including it in the JWT token. If you can include the JWT token in your future requests, you can also include a parameter or a body as well. If it is sensitive data, you can encode it with the typical algorithms.
