Joken: Verify AWS Cognito JWT

I’m trying to verify an AWS Cognito JWT. The closest help I have found is this thread:

I’m attempting a similar technique:

authorization = conn |> get_req_header("authorization")
[authorizationHeaderValue | rest] = authorization
jwt = String.slice(authorizationHeaderValue, 7..1500)
awsJwks = Poison.decode!(~s({"keys":[{"alg":"RS256","e":"AQAB","kid":"hcju2zKBpJjOTDd214wkKnrRY9ApwTiPJq+Oe+q6Jz0=","kty":"RSA","n":"rDfAEMwYGBrol5mIA1aEcwtZBUgwYKcs8uVaLW64tZwcn9Nc4G6XMAw9igucWz-yt-4aFyKzw9mpBMqSUeNs7mDUczrMO4UbPn-5fN-cSgCKyLdAUjFKS8-L9O0tqXmBdEbtmferUrz2Nqt1pnCKU0gl2ZHb64hD98feBptqTYiCqh6VZnookBrjhvn9b0CHJnwEgPF__DeeSwlRYPt-pYpSCmI851zspLsnMwtoQQdfe1bL7H28OEa0-O4rRxcI_BJz79c7bHWllDMMhD51xmsn1rngCn8Y2tHIsGr_81Hx7k0Awma-ibJ8Zll8MNrJgmCG7ykz3bAfuDW20vKtpw","use":"sig"},{"alg":"RS256","e":"AQAB","kid":"ttY6v6AGiOqL+ZaDvyg953iG7RWLTwDVq9+cOa1hrZE=","kty":"RSA","n":"q70S6cdm28a0LRj_o8QP7Getgh-QygMbFFp_z-Yxjs1FkKrJva_yNYOdjiO5YC8Dqazcr6OEUYV6iSe7XyOvG6MeAh9Y9gvw_0HmFg-vYb_-pifht5C9E7iKRp5QIcyEO2rie-Gas7QyW8k1uTHJT68gxdoV8hverMwWw2H7L1Y7ec6-jN1tsq1ExYQbi8ELDxzCpeDF_e4FKp2COZEdV_CVN8qxdC6aBTIN7dSNPjXCOQSUv_gw_XIk_G_S2JDJCty_ffdiiXZItviIfi9WZP_2uW8xAo2KX2ssno_wVbTJ_XxxnWy6aFNeaW5yFzHNenSvjJGnKMgVRbkMClXLRQ","use":"sig"}]}))
token = Joken.token(jwt)
with_signer = token |> Joken.with_signer(Joken.rs256(JOSE.JWK.from_map(awsJwks)))
{:ok, claims} = with_signer |> Joken.verify!

BTW, in case it’s not obvious, the String.slice() is to trim off "Bearer " from the header value.

I only get an invalid signature error:

(MatchError) no match of right hand side value: {:error, "Invalid signature"}

FWIW, here is the token I’m trying to verify:


Am I missing something in creating the Joken.Signer?



It is difficult to know how you’ve signed your token. Though this token has a different “kid” claim on its header than the one your passing for JOSE.JWK.from_map/1.

Does this help? The kid on the token is: ttY6v6AGiOqL+ZaDvyg953iG7RWLTwDVq9+cOa1hrZE=\

1 Like

i’ve tryed with this kid and the same token

awsJwks = Poison.decode!(~s({“alg”:“RS256”,“e”:“AQAB”,“kid”:“ttGiOqL+ZaDvyg953iG7R=”,“kty”:“RSA”,“n”:“q70S6cdm28a0LRj_o8QP7Getgh-QygM7iKRp5QIcyEO2rie-Gas7QyW8k1uTHJT68gxdoV8hverMwWw2H7L1Y7ec6-jN1tsq1ExYQbi8ELDxzCpeDF_e4FKp2COZEdV_CVN8qxdC6aBTIN7dSNP_gw_XIk_G_S2JDJCty_fviIfi9WZP_2uW8xAo2KX2ssno_wVbTJ_XxxnWy6aFNeaW5yFzHKMgVRbkMClXLRQ”,“use”:“sig”}))

no match of right hand side value: {:error, “Invalid signature”}

BTW, i’m trying to decode the same token…

thanks for help


@cs-victor-nascimento Thanks for your reply! @reneerojas and I are working on the same problem :slight_smile:

To clarify, we are trying to verify JWTs signed by AWS, which provides the following public key set:

Is the technique above the correct way to create a Joken.Signer?

  1. Decode the AWS key set JSON into an Elixir map
  2. Create a JOSE.JWK key set
  3. Create a Joken.Signer from the JOSE.JWK

I cannot see any other technique to create the Joken.Signer except to read the provided AWS key set JSON and observe that both keys in the set list RS256 as the encryption. Then hard code that by using Joken.rs256().

Is it best if we extract the AWS key with the correct kid from the set before creating the JOSE.JWK? (I think that is what @reneerojas has tried.)


I had to do something similar with Auth0, I ended up just using JOSE directly instead of Joken though.

But anyway, it looks like what you’re missing to me is the fact that the jwks is actually a key set. Meaning you need to get your token from the list before you try to verify. Assuming you only have one key then this should probably do it:

[jwk | _] = JOSE.JWK.from_map(awsJwks)

If not, this is the crazy function that I ended up getting to:

defp jwks_from_binary(jwks_binary) do
    with {:ok, map} <- Poison.decode(jwks_binary),
         {:ok, keys} when is_list(keys) <- Map.fetch(map, "keys"),
         jwks_list when is_list(jwks_list) <-, &JOSE.JWK.from_map/1),
         jwks when is_list(jwks) <- JOSE.JWK.from(jwks_list) do
      {:ok, jwks}
      _ ->
        {:error, :invalid_jwks}

@Azolo Yeah, the Auth0 JWK set is exactly the same format as the AWS set, so I think we need your function, thanks! How are you verifying after extracting the key? Using Joken for that?


Well you’re supposed to use the data in the JWT to get the name of the key in the jwks, but I was pretty frustrated at that point, so I just did:

defp check_against_jwks(token, jwks) do
    Enum.any?(jwks, fn(jwk) ->
      case JOSE.JWT.verify_strict(jwk, ["RS256"], token) do
        {true, _, _} -> true
        _ -> false

Cool! We will give a try just directly with JOSE.JWT :slight_smile:


@Azolo Worked! Wow, great: Clears a big block for us. We’ll use your technique :slight_smile:


1 Like

Glad I could help

1 Like

I’ve stumbled upon the same issue - thanks for the useful answers, which pointed me the right way :smiley:

I actually took it a little further and got it integrated with Joken:

  1. ’ “forked” Joken.Plug and modified line 174 to pass the connection: verified_token = payload_fun.(conn) (see Let’s call it Youproject.modifiedJokenPlug
    Adjust your router’s verify_function to take on argument: def verify_function(conn) do
    and your plug: plug Youproject.modifiedJokenPlug, verify: &Youproject.Router.verify_function/1 (don’t forget, you cb now takes one argument, so it’s /1)
  2. With the connection in the verify function, it is possible to get the claims on the JWT as follows:
["Bearer " <> bearer] = get_req_header(conn, "authorization")
    {:ok, claims} = bearer
    |> String.split(".")
    |> hd
    |> Base.decode64!
    |> Poison.decode
  # claims["kid"] and claims["alg"] are now populated
  1. Load the list of keys (with HTTPoison / auth0 in my case)
{:ok, keylist} = HTTPoison.get!("").body # CHANGE URL
  1. Get the matching key and it’s certificate:
matchingKey = Enum.find(keylist["keys"], fn(x) -> x["kid"] == claims["kid"] && x["alg"] == claims["alg"] end)
key = hd(matchingKey["x5c"]) # I assume, the first key in the certificate chain is also the signing one
  1. Format the signing key so Joken understands it (as PEM, using JOSE, going by Joken’s docs here):
a = "-----BEGIN CERTIFICATE-----"
z = "-----END CERTIFICATE-----"
parts = key
    |> Stream.unfold(&String.split_at(&1, 64)) # 64 Characters per line
    |> Enum.take_while(&(&1 != "")) # Get all remaining chars as well
    fkey = a <>  "\n" <> Enum.join(parts, "\n") <>  "\n"  <> z <> "\n" # Join it all to form the PEM
    q = JOSE.JWK.from_pem(fkey) # And finally get the signer
  1. Return the verifier
    |> with_json_module(Poison)
    |> with_signer(rs256(q))
    |> with_validation("aud", &(&1 == "<expected audience>" || Enum.member?(&1, "<expected audience>"))) # Audience claim can be an array, e.g. if you query it for your application while quering profile as well # CHANGE AUDIENCE
    |> with_validation("exp", &(&1 > current_time))
    |> with_validation("iat", &(&1 <= current_time))
    |> with_validation("iss", &(&1 == "")) # CHANGE URL

Hi, It seems like new Joken version is not supporting these methods. Do you know how to implement these using new Joken 2.0?

I know it has been more than 3 years, but in case someone ends up here, yes, it’s much simpler with Joken 2.5 with the help of a Joken hook called Joken JWKS.