Javascript 在哪里可以检索Cognito标识池的公钥？_Javascript_Amazon Web Services_Jwt_Amazon Cognito

Javascript 在哪里可以检索Cognito标识池的公钥？

javascript amazon-web-services jwt

Javascript 在哪里可以检索Cognito标识池的公钥？,javascript,amazon-web-services,jwt,amazon-cognito,Javascript,Amazon Web Services,Jwt,Amazon Cognito,实际上，我通过以下代码为未经身份验证的用户检索了一个签名的JWT AWS.config.region = 'eu-central-1'; // Region AWS.config.credentials = new AWS.CognitoIdentityCredentials({ IdentityPoolId: 'eu-central-1:cccccc-cccc-cccc-cccc', RoleArn: 'arn:aws:iam::iiiiiiiiiiiii:role/Cogni

实际上，我通过以下代码为未经身份验证的用户检索了一个签名的JWT

AWS.config.region = 'eu-central-1'; // Region
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'eu-central-1:cccccc-cccc-cccc-cccc',
    RoleArn: 'arn:aws:iam::iiiiiiiiiiiii:role/Cognito_MyIdentityPoolUnauth_Role'
});
// Obtain Open ID Token (JWT)
AWS.config.credentials.get(function() {
    console.log(AWS.config.credentials.params.WebIdentityToken);
});

如何检索公钥以验证签名

我只能从用户池中找到涉及令牌的文档。因为我想处理未经身份验证的用户，这对我没有帮助。

AWS文档只描述了如何检索用户池的公钥，但也有身份池的公钥。虽然用户池公钥（）的URL包含用户池Id，但标识池的URL不包含用户池Id

Cognito标识池的公钥可以从中检索。这将为跨区域的所有可能的标识池提供公钥

要识别正确的密钥，必须检查Open Id令牌头。属性kid在密钥列表中标识正确的密钥

{
    "kid": "eu-central-11",
    "typ": "JWS",
    "alg": "RS512"
}

例如，在这种情况下，正确的jwk应为：

{
    kty: "RSA",
    alg: "RS512",
    use: "sig",
    kid: "eu-central-11",
    n: "AL9Kz62JHMpn5kBEqyoaXkM56x3l3Wi0kg0Juv71QtXo5M4ZJYxouKdcrKfevYTRNm6DE0hTbJnyj7Bh4EYbmruGdSWE970xkcFJxcgak0j4rneRX5G1E/xN27M42OOLmZCe8O6l3nksD0XGOqBPqOSEP3pYCNAYMncpSGnit56fUX+yszfMjGP3DVSUFZKtXbqwt/S0VpBi5BQbbD57R8DKenQsPfln91tgGopmXP66vZ4yWRUzs/mqHxcez3FcgHHXc6AbEJ6GOSVd9t+BCUW5kVY0aYO301PJczvB3zfsI6qebjS6BFTvMp8SqK532ZRnXEMgs/5gc9cfxpDsgvk=",
    e: "AQAB"
}