Finishing AWS Authentication Flow

TLDR I am looking for somewhere to send Cognito JWTs from the backend to verify the user's status.

I currently have a react app, with a serverless apollo api, and dynamodb database, all running locally.

  • The react client uses aws-amplify to register, sign-in etc with aws-cognito - returning access, id and refresh tokens.

  • Users can also sign in with Facebook and Google via amplify.Auth.federatedSignIn, which returns the cognito identity credentials.

  • The tokens are then passed to the backend, where they are verified.

So far I cannot find where to send the tokens from the backend, to verify that the user is signed in to cognito. I have scoured the docs but TBH that has left me more confused.

As far as I can understand, in production API Gateway or AppSync can intercept the tokens between the front and backend, but since I have verified tokens at the backend currently, is there an endpoint or SDK method I can hit with tokens/access keys etc. to check the user's status?

Feel free to tell me if I'm going about this the wrong way.



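If you need to verify that a token is valid and unexpired, with the JavaScript SDK use:

const AWS = require('aws-sdk'); // AWS SDK for JavaScript v2
const cognitoServiceProvider = new AWS.CognitoIdentityServiceProvider({apiVersion: '2016-04-18'});
// Call from inside an async function; .promise() turns the v2 request into an awaitable promise.
await cognitoServiceProvider.getUser({
        AccessToken: accessToken
}).promise();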

This will throw an error if the token is not valid.

If you are using a different SDK, find the equivalent call.
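
The getUser check above, wrapped for use in a backend request handler, as an added example that is not part of the original answer. The names bearerToken, userFromRequest and stubClient are hypothetical, and the stub is a constructed stand-in for AWS.CognitoIdentityServiceProvider so the code runs without AWS credentials.

```javascript
// Added example: pull the access token from the request and check it with getUser.
// `client` is anything with the SDK v2 getUser(params).promise() shape.
function bearerToken(headers) {
  const value = headers.authorization || headers.Authorization || '';
  const match = /^Bearer\s+(\S+)$/i.exec(value);
  return match ? match[1] : null;
}

async function userFromRequest(client, headers) {
  const accessToken = bearerToken(headers);
  if (!accessToken) return null; // no token: treat the caller as signed out
  try {
    const res = await client.getUser({ AccessToken: accessToken }).promise();
    // UserAttributes arrives as [{Name, Value}]; flatten it for resolvers.
    const attributes = {};
    for (const { Name, Value } of res.UserAttributes) attributes[Name] = Value;
    return { username: res.Username, attributes };
  } catch (err) {
    // Invalid, expired or revoked tokens are rejected with this code (SDK v2 sets err.code).
    if (err.code === 'NotAuthorizedException') return null;
    throw err; // throttling or network faults: surface them, do not report "signed out"
  }
}

// Constructed stub standing in for the real Cognito client (assumption for offline use).
function stubClient(validTokens) {
  return {
    getUser({ AccessToken }) {
      return {
        promise: async () => {
          const user = validTokens[AccessToken];
          if (user) return user;
          const err = new Error('Invalid Access Token');
          err.code = 'NotAuthorizedException';
          throw err;
        },
      };
    },
  };
}

// Constructed sample user and token.
const demoClient = stubClient({
  'constructed-token': {
    Username: 'alice',
    UserAttributes: [{ Name: 'sub', Value: '1234' }, { Name: 'email', Value: 'alice@example.com' }],
  },
});
userFromRequest(demoClient, { authorization: 'Bearer constructed-token' })
  .then((user) => console.log(user));
```

In a real handler, pass the cognitoServiceProvider instance from the answer in place of demoClient.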