Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decrypt a Cookie #41

Open
Clarha opened this issue Feb 14, 2024 · 1 comment
Open

Decrypt a Cookie #41

Clarha opened this issue Feb 14, 2024 · 1 comment

Comments

@Clarha
Copy link

Clarha commented Feb 14, 2024

There is a function to validate a JWT token passed in the QueryString, but is there a way to decrypt a cookie as well?

What I am attempting to do is decrypt a cookie, check the information for the user in said cookie and add a header that identifies the user as authenticated.

The function would then add a header to the request identifying the user as such. This would allow us to serve protected content cached at CloudFront as opposed to going deeper into our stack.
@stschulte
Copy link

stschulte commented Feb 21, 2024
edited
Loading

cookies are part of the event. Let's assume your cookie that holds the JWT is called "JWT". Then you code could look like this (untested!)

function handler(event) {
  const request = event.request;
  const uri = request.uri;
  const cookies = request.cookies

  if(cookies && cookies["JWT"]) {
    const tokenCookie = cookies["JWT"]
    const jwtToken = tokenCookie.value

    try{ 
      jwt_decode(jwtToken, key);
    }
    catch(e) {
      console.log(e);
      return response401;
    }

    console.log("Valid JWT token");
    return request;
  }
  // no cookies?
  return response401;
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stschulte @Clarha