How to validate AWS Cognito JWT in .NET Core Web API using .AddJwtBearer()

Question

I was having some trouble figuring out how to go about validating a JWT given to the client by AWS Cognito inside my .NET Core Web API.

Not only could I not figure o

Answer 1

The provided answer here is only required if you need more fine grained control over validation.

Otherwise the following code is sufficient to validate jwt.

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
    options.Authority = "{yourAuthorizationServerAddress}";
    options.Audience = "{yourAudience}";
});

Okta have a good article on this. https://developer.okta.com/blog/2018/03/23/token-authentication-aspnetcore-complete-guide

When the JwtBearer middleware handles a request for the first time, it tries to retrieve some metadata from the authorization server (also called an authority or issuer). This metadata, or discovery document in OpenID Connect terminology, contains the public keys and other details needed to validate tokens. (Curious what the metadata looks like? Here’s an example discovery document.)

If the JwtBearer middleware finds this metadata document, it configures itself automatically. Pretty nifty!