flask_jwt_extended giving "jwt.exceptions.InvalidSignatureError: Signature verification failed" error
flask_jwt_extended giving "jwt.exceptions.InvalidSignatureError: Signature verification failed" error
我正在使用 AWS Coginto 登录用户并检索授权和刷新令牌响应。我能够成功地进行身份验证、检索令牌和解码令牌。我验证令牌已在 https://jwt.io/.
上解码
但是,当我将 flask_jwt_extended.set_access_cookies() 与从 Cognito 返回的 access_token 一起使用时,我收到一条错误消息
jwt.exceptions.InvalidSignatureError: Signature verification failed
设置访问令牌的登录名和代码如下。
import os
import boto3
from flask import Flask, request, make_response, redirect, render_template
from flask_jwt_extended import set_access_cookies
app = Flask(__name__)
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
auth_response = boto3.client('cognito-idp').admin_initiate_auth(
UserPoolId=os.environ['AWS_COGNITO_USER_POOL_ID'],
ClientId=os.environ['APP_CLIENT_ID'],
AuthFlow='ADMIN_NO_SRP_AUTH',
AuthParameters={
'USERNAME': username,
'PASSWORD': password
}
)
response = make_response(redirect('login_success', 302))
set_access_cookies(response, auth_response['AccessToken'], max_age=15)
return response
return render_template('login.html')
问题是 public 设置的密钥来自之前删除的认知池,需要更新为当前密钥。
我正在使用 AWS Coginto 登录用户并检索授权和刷新令牌响应。我能够成功地进行身份验证、检索令牌和解码令牌。我验证令牌已在 https://jwt.io/.
但是,当我将 flask_jwt_extended.set_access_cookies() 与从 Cognito 返回的 access_token 一起使用时,我收到一条错误消息
jwt.exceptions.InvalidSignatureError: Signature verification failed
设置访问令牌的登录名和代码如下。
import os
import boto3
from flask import Flask, request, make_response, redirect, render_template
from flask_jwt_extended import set_access_cookies
app = Flask(__name__)
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
auth_response = boto3.client('cognito-idp').admin_initiate_auth(
UserPoolId=os.environ['AWS_COGNITO_USER_POOL_ID'],
ClientId=os.environ['APP_CLIENT_ID'],
AuthFlow='ADMIN_NO_SRP_AUTH',
AuthParameters={
'USERNAME': username,
'PASSWORD': password
}
)
response = make_response(redirect('login_success', 302))
set_access_cookies(response, auth_response['AccessToken'], max_age=15)
return response
return render_template('login.html')
问题是 public 设置的密钥来自之前删除的认知池,需要更新为当前密钥。