Is there an existing issue for this?
Summary
The ability to access the encoded JWT identity token from an OIDC authenticated user. This means that instead of decoding the received identity token into a 'human readable' object, just straight up returning the encoded JWT. Perhaps this can also be hidden under a placeholder, the same way the access token is hidden.
Why should this be worked on?
Currently, one can only retrieve the decoded identity token of an OIDC-authenticated user. While this is a nice to have and certainly improves some things in the workflow, it also brings limitations.
Our use case requires the generation of AWS V4 signature headers, which requires AWS credentials to create the signature. Currently, there is no built-in support for AWS V4 headers, although there have been some comments about it in this issue. This means that the generation of the headers is to be done by using the AWS JavaScript SDK.
Our OIDC flow uses AWS Cognito to authenticate users. The returned identity token includes some crucial information which is needed to retrieve a Cognito 'identity id' using this call. The Cognito identity id can then be used to retrieve AWS credentials using this call.
In this flow, the encoded JWT identity token is needed for the Cognito identity id request to succeed. I have tried to request the Cognito identity id with the decoded JWT identity token, which returned an error related to the formatting of the identity token.