Hello, this is Daiki Tanaka. I’m a member of CTO Office, AI Forward Division.
This page describes things to keep in mind when you create JSON Web Tokens (JWT) signed with the ECDSA_SHA algorithms of AWS KMS keys. All sample code here is written in Python 3.8.
JSON Web Token
JSON Web Token (JWT) is a standard that defines a method for signing and encrypting JSON data.
As a practical use case, let’s consider a request from a client to an API server.
The following are the steps needed to make a request to the API server with a JWT. Here, we assume the API user has already created a public/private key pair.
1. Send the public key to the API server administrator in advance.
2. When the client makes a request, the private key is used to sign the request and create a JWT.
3. Set the created JWT in the header and make a request to the API.
4. The API server receives the request and verifies the validity of the signature using the public key.
5. If the signature is valid, the request is processed and the response is returned to the client from the API.
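As an added example (not code from the original post), the client side of steps 2 and 3 and the server-side unpacking of step 4, written in Python with a pluggable signer standing in for the KMS Sign call. The DER-to-raw conversion is the part worth noting: KMS returns ECDSA signatures as ASN.1 DER, while JWS (RFC 7518) requires the fixed-length r||s form. The stub signer and the sample signature bytes are constructed for the demo.

```python
import base64
import json

# Fixed byte length of r and s per JWS ECDSA algorithm (RFC 7518, section 3.4).
ES_COMPONENT_LEN = {"ES256": 32, "ES384": 48, "ES512": 66}


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS compact serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def der_to_jose(der_sig: bytes, alg: str) -> bytes:
    """Convert a DER ECDSA signature SEQUENCE { INTEGER r, INTEGER s } (the format
    KMS Sign returns) to the fixed-length r||s byte string that JWS expects."""
    n = ES_COMPONENT_LEN[alg]
    if der_sig[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Skip the SEQUENCE header; the length may use the long form for ES512.
    pos = 2 + (der_sig[1] & 0x7F if der_sig[1] & 0x80 else 0)
    parts = []
    for _ in range(2):
        if der_sig[pos] != 0x02:
            raise ValueError("expected DER INTEGER")
        length = der_sig[pos + 1]
        value = der_sig[pos + 2 : pos + 2 + length]
        pos += 2 + length
        # DER prepends 0x00 when the high bit is set; int conversion drops it
        # and to_bytes left-pads short values to exactly n bytes.
        parts.append(int.from_bytes(value, "big").to_bytes(n, "big"))
    return b"".join(parts)


def build_jwt(payload: dict, alg: str, sign) -> str:
    """Steps 2-3: build header.payload, sign it, append the JOSE-format signature.
    `sign(message) -> der_bytes` stands in for kms.sign(..., MessageType="RAW")."""
    header = {"alg": alg, "typ": "JWT"}
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(payload)}"
    return f"{signing_input}.{b64url(der_to_jose(sign(signing_input.encode()), alg))}"


def split_jwt(token: str):
    """Step 4 (server side): recover header, payload and raw r||s signature bytes
    so they can be checked against the registered public key."""
    pad = lambda s: s + "=" * (-len(s) % 4)
    h, p, s = token.split(".")
    return (json.loads(base64.urlsafe_b64decode(pad(h))),
            json.loads(base64.urlsafe_b64decode(pad(p))),
            base64.urlsafe_b64decode(pad(s)))


# Constructed DER signature: r has its high bit set (so DER adds a 0x00 byte), s is tiny.
FAKE_R, FAKE_S = b"\x80" + b"\x01" * 31, b"\x05"
FAKE_DER = b"\x30\x26" + b"\x02\x21\x00" + FAKE_R + b"\x02\x01" + FAKE_S
```

Dropping the `der_to_jose` step produces a token that the server rejects, because the signature length and layout no longer match what the verifier expects for ES256.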