Decrypt a Cookie

[Clarha]

There is a function to validate a JWT token passed in the QueryString, but is there a way to decrypt a cookie as well?

What I am attempting to do is decrypt a cookie, check the information for the user in said cookie and add a header that identifies the user as authenticated.

The function would then add a header to the request identifying the user as such. This would allow us to serve protected content cached at CloudFront as opposed to going deeper into our stack.

[stschulte]

cookies are part of the event. Let's assume your cookie that holds the JWT is called "JWT". Then you code could look like this (untested!)

function handler(event) {
  const request = event.request;
  const uri = request.uri;
  const cookies = request.cookies

  if(cookies && cookies["JWT"]) {
    const tokenCookie = cookies["JWT"]
    const jwtToken = tokenCookie.value

    try{ 
      jwt_decode(jwtToken, key);
    }
    catch(e) {
      console.log(e);
      return response401;
    }

    console.log("Valid JWT token");
    return request;
  }
  // no cookies?
  return response401;
}