Token validation with AWS Cognito and NestJS

Jacob Do
Jun 19, 2020 · 4 min read

In this article, we’ll learn how to validate access tokens issued by AWS Cognito. Validating access tokens is needed to ensure that the data encoded inside the token is valid.

This is the second article in the three-part series about authentication with AWS and NestJS. Please read the first article if you have not already, as we will continue with the same codebase here.

Registration

Currently, our user pool has no users, and the fastest way to create one is to implement a registration endpoint in our NestJS app. To do that, we’ll add a “register” method to our AuthController:

Register method added to auth.controller.ts

We’re making a call to a method “registerUser” in our AuthService, but we have not implemented it yet, so let’s do that now:

registerUser method added to auth.service.ts

With that in place we can call our new register endpoint from Postman in order to create a user:

User created

The user we just created will be marked as “UNCONFIRMED” inside of AWS Cognito, so before we can log in, we need to “confirm” them. To do that, head over to your AWS console:

  • Open “Cognito”
  • Navigate to “Users and Groups”
  • Your users list should contain at least the user that was just created
User list in AWS Cognito
  • Click on the user name of that user
  • Press “Confirm user” on the screen that follows.

Authentication

Here we can use the newly created user and hit the login endpoint that we created in the previous article to obtain a user token:

User login success response

This is the token that we can then pass along to any subsequent requests requiring authorisation by placing it in the request headers in the following format:

authorization: Bearer {{ JWT_TOKEN }}

Next up, we need to set up everything needed to make routes accessible only with a valid token, and to make sure that the token has not been tampered with.

Let’s start by installing all the packages that we need for this purpose:

yarn add passport passport-jwt @nestjs/passport jwks-rsa

After that we need to register a PassportModule inside our AuthModule as follows:

PassportModule registered

Then we need to create an authorisation strategy — a strategy is just a fancy word for defining how to validate given credentials, a token in our case, and what to do with the validation outcome.
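
To make concrete what such a strategy has to check before it trusts a Cognito access token, here is an added, self-contained TypeScript example. It is not the article’s jwt.strategy.ts and uses neither passport-jwt nor jwks-rsa; instead it performs the same checks by hand with Node’s built-in crypto module, and it also parses the “authorization: Bearer …” header described above. The region, user pool id, app client id and key id are assumed placeholder values, and the user pool key pair, the JWKS and the tokens are all constructed in-process so the example runs offline.

```typescript
import { createPublicKey, createSign, createVerify, generateKeyPairSync, KeyObject } from "crypto";

// Assumed identifiers: in a real app these come from your Cognito console / .env.
const REGION = "eu-west-1";
const USER_POOL_ID = "eu-west-1_EXAMPLE";
const APP_CLIENT_ID = "example-app-client-id";
// Cognito tokens carry exactly this issuer, and the pool's public keys are served at `${ISSUER}/.well-known/jwks.json`.
const ISSUER = `https://cognito-idp.${REGION}.amazonaws.com/${USER_POOL_ID}`;

type Jwk = { kty: string; n: string; e: string; kid: string; alg: string; use: string };
type Jwks = { keys: Jwk[] };
type Claims = Record<string, unknown>;

const b64url = (data: string | Buffer): string =>
  (typeof data === "string" ? Buffer.from(data, "utf8") : data).toString("base64url");
const fromB64url = (s: string): Buffer => Buffer.from(s, "base64url");

// ---- "Cognito side" (constructed): a stand-in user pool key pair and the JWKS built from it ----
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
const KID = "constructed-kid-1";
const pub = publicKey.export({ format: "jwk" });
export const JWKS: Jwks = {
  keys: [{ kty: String(pub.kty), n: String(pub.n), e: String(pub.e), kid: KID, alg: "RS256", use: "sig" }],
};

// Mint an RS256 JWT the way the pool does: the `kid` in the header selects the JWKS entry.
export function mintAccessToken(claims: Claims, key: KeyObject = privateKey, kid: string = KID): string {
  const header = b64url(JSON.stringify({ kid, alg: "RS256" }));
  const payload = b64url(JSON.stringify(claims));
  const signature = createSign("RSA-SHA256").update(`${header}.${payload}`).sign(key);
  return `${header}.${payload}.${b64url(signature)}`;
}

// Swap claims in the payload while keeping the original signature; used to show the verifier rejects it.
export function withModifiedPayload(token: string, extra: Claims): string {
  const [h, p, s] = token.split(".");
  const claims = { ...JSON.parse(fromB64url(p).toString("utf8")), ...extra };
  return `${h}.${b64url(JSON.stringify(claims))}.${s}`;
}

// ---- "NestJS side": what the strategy must do before a route trusts the caller ----
export function extractBearer(authorization: string | undefined): string | null {
  if (!authorization) return null;
  const [scheme, token, ...rest] = authorization.trim().split(/\s+/);
  if (!/^bearer$/i.test(scheme) || !token || rest.length > 0) return null;
  return token;
}

export function verifyCognitoAccessToken(token: string, jwks: Jwks, now = Math.floor(Date.now() / 1000)): Claims {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString("utf8"));
  // Pin the algorithm: the verifier decides, never the token (rules out alg=none and key-confusion tricks).
  if (header.alg !== "RS256") throw new Error(`unexpected alg ${header.alg}`);
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.use === "sig");
  if (!jwk) throw new Error("unknown kid");
  const key = createPublicKey({ key: jwk, format: "jwk" });
  const valid = createVerify("RSA-SHA256").update(`${h}.${p}`).verify(key, fromB64url(s));
  if (!valid) throw new Error("bad signature");
  const claims: Claims = JSON.parse(fromB64url(p).toString("utf8"));
  // A valid signature is not enough: bind the token to our pool, our app client and the access-token type.
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  if (claims.token_use !== "access") throw new Error("not an access token");
  if (claims.client_id !== APP_CLIENT_ID) throw new Error("wrong client_id");
  const exp = claims.exp;
  if (typeof exp !== "number" || exp <= now) throw new Error("expired");
  return claims;
}

// What a guard does with the raw request header: either a verified subject or the reason for a 401.
export function checkRequest(authorization: string | undefined, jwks: Jwks): { ok: boolean; sub?: string; reason?: string } {
  const token = extractBearer(authorization);
  if (!token) return { ok: false, reason: "missing bearer token" };
  try {
    const claims = verifyCognitoAccessToken(token, jwks);
    return { ok: true, sub: String(claims.sub) };
  } catch (err) {
    return { ok: false, reason: (err as Error).message };
  }
}
```

In the real application the JWKS is fetched from `${ISSUER}/.well-known/jwks.json` and cached, which is the job jwks-rsa does for passport-jwt, and the signature check is done by the library; the claim checks on iss, token_use, client_id and exp are the part the strategy should still perform itself, because a signature only proves the token came from some Cognito pool, not that it was meant for this app.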

Let’s create a file called “jwt.strategy.ts” in the same folder as our “auth.module.ts” file and set the contents of that file to this:

In order to let our application know that we wish to use this strategy, we need to pass it as a provider inside AuthModule:

JwtStrategy added to AuthModule

Now we are ready to authorise our users. To test this functionality out, we’ll modify the dummy route in our AppController to make it protected:

We can then head over to our Postman application and test out the code like this:

  • Create a new tab in Postman
  • Set the target URL of that tab to “http://localhost:3000”
  • Open the “Authorization” section
  • Under “type” in the dropdown select “Bearer token”
Setting up Bearer token in Postman
  • Paste your token in the input to the right of the dropdown
  • Hit “Send” and you should be seeing the following:
Successful response from a protected route

That is it. Now, from the token a user passes to the application, we can verify that they are who they claim to be before we allow them to access a protected route.

The code that we wrote in this article is available here: https://github.com/jacobdo2/nestjs-cognito-example

Please leave a clap if you found this helpful and let me know if you had any difficulties making it work.

Weekly Webtips

Explore the world of web technologies through a series of tutorials
