Cognito JSON Web Token (JWT) Verification #1664

@EthanLozano

The Verifying a JSON Web Token docs describe several steps for verifying ID and access JWTs. The security of a developer's app depends on implementing these instructions correctly and without any vulnerabilities. It's easy to miss one of these steps. Missing a step negates most of the security that Cognito brings to an external application. There are a handful of instances online where someone incorrectly implements Java JWT verification. It's a little unrealistic to expect every developer to implement this verification correctly.

Google has officially supported JWT verification for Google Sign-In within their "Using a Google API Client Library".

Please provide an officially supported implementation of JWT verification!

Labels: feature-request (A feature should be added or improved.)
