我正在做以下
String region = "us-east-1";
String poolID = "us-east-1_whatever";
public Boolean valid() {
try {
String cognitoUrl = String.format("https://cognito-idp.%s.amazonaws.com/%s/.well-known/jwks.json", region, poolID);
JwkProvider provider = new UrlJwkProvider(new URL(cognitoUrl));
// got the value from the cognito url
Jwk jwk = provider.get("value");
RSAPublicKey publicKey = (RSAPublicKey) jwk.getPublicKey();
Algorithm algorithm = Algorithm.RSA256(publicKey, null);
String iss = String.format("https://cognito-idp.%s.amazonaws.com/%s", region, poolID);
JWTVerifier verifier = JWT.require(algorithm).withIssuer(iss).build();
verifier.verify(token);
} catch (Exception err) {
return false;
}
return true;
}
,但看起来很懒惰。如何更快地验证令牌?我正在使用
compile group: 'com.auth0', name: 'jwks-rsa', version: '0.3.0'
compile 'com.auth0:java-jwt:3.8.1'
亚马逊建议每次使用众所周知的JWK URL,如其支持存储库中所述。
缓存不是建议的做法,因为该值会发生变化。因此,我建议继续您当前的方法以确保具有最佳安全性的相同功能。