Change cognito JWT validation to use the new 'app integration' Client…

… ID as well (#4) I forgot to change this on the previous commit. Now it is handled better as a constant as well.
newjersey · Nov 14, 2023 · 58ef79d · 58ef79d
1 parent 69b6c38
commit 58ef79d
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/serverless.yml b/serverless.yml
@@ -7,6 +7,7 @@ provider:
   environment:
     COGNITO_REGION: "us-east-1"
     COGNITO_USER_POOL: "us-east-1_AZyvZQdFN"
+    COGNITO_APP_CLIENT_ID: "7i01fral9t0fdtodp78hi3vqrh"
     PATH_PARAMETER_GROUP_NAME: "groupName"
     # Get all secret key details from SSM
     KEY_PRIVATE_EXPONENT: ${ssm:custom-aws-idp-private-key-private-exponent}
@@ -24,7 +25,7 @@ provider:
         type: jwt
         identitySource: $request.header.Authorization
         issuerUrl: "https://cognito-idp.us-east-1.amazonaws.com/${self:provider.environment.COGNITO_USER_POOL}"
-        audience: [ 4bfgopjuh6lmgg4t66qf9uphrb ]
+        audience: [ "${self:provider.environment.COGNITO_APP_CLIENT_ID}" ]
   iam:
     role:
       statements: