-
Notifications
You must be signed in to change notification settings - Fork 50
Expand file tree
/
Copy pathindex.mjs
More file actions
31 lines (27 loc) · 832 Bytes
/
index.mjs
File metadata and controls
31 lines (27 loc) · 832 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
import { CognitoJwtVerifier } from "aws-jwt-verify";
import { assertStringEquals } from "aws-jwt-verify/assert";
const jwtVerifier = CognitoJwtVerifier.create({
userPoolId: process.env.USER_POOL_ID,
tokenUse: "id",
clientId: process.env.CLIENT_ID,
customJwtCheck: ({ payload }) => {
assertStringEquals("e-mail", payload["email"], process.env.USER_EMAIL);
},
});
await jwtVerifier.hydrate();
export const handler = async (event) => {
console.log("request:", JSON.stringify(event, undefined, 2));
const jwt = event.headers.authorization;
try {
const payload = await jwtVerifier.verify(jwt);
console.log("Access allowed. JWT payload:", payload);
} catch (err) {
console.error("Access forbidden:", err);
return {
isAuthorized: false,
};
}
return {
isAuthorized: true,
};
};