async function verify()

in lambda/jwt-get.js [45:98]


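/**
 * Validates a JWT access token and maps its claims to a user record.
 *
 * The signing key is looked up by the `kid` in the token header among the keys
 * returned by getPublicKeys(), and the signature is checked by
 * verifyPromised(). The claim must then carry a numeric `exp` / `auth_time`
 * window that contains the current time, the issuer returned by
 * getCognitoIssuer(), and `token_use === "access"`.
 *
 * Every failure is caught, so the returned promise does not reject; callers
 * must check `isValid` before trusting any other field.
 *
 * @param {string} token - Compact-serialised JWT (header.payload.signature).
 * @returns {Promise<{userName: string, clientId: string, isValid: boolean,
 *   firstName: string, lastName: string, email: string, error?: Error}>}
 *   User fields with `isValid: true` on success; empty strings,
 *   `isValid: false` and the caught `error` on failure.
 */
async function verify(token) {
    let result
    try {
        const tokenSections = token.split(".")
        // A signed compact JWT has exactly three dot-separated sections.
        if (tokenSections.length !== 3) {
            throw new Error("requested token is invalid")
        }
        const headerJSON = Buffer.from(tokenSections[0], "base64").toString("utf8")
        const header = JSON.parse(headerJSON)
        const keys = await getPublicKeys()
        // The header is attacker-controlled until the signature is checked.
        // Only accept a string kid that is an own property of the key set, so
        // inherited names such as "__proto__" or "constructor" never resolve
        // to a "key".
        const kidIsKnown =
            header !== null &&
            typeof header === "object" &&
            typeof header.kid === "string" &&
            Object.prototype.hasOwnProperty.call(keys, header.kid)
        const key = kidIsKnown ? keys[header.kid] : undefined
        if (key === undefined) {
            throw new Error("claim made for unknown kid")
        }
        // NOTE(review): verifyPromised is defined outside this block; confirm
        // it restricts the accepted signature algorithms to the one the issuer
        // uses (RS256 for Cognito) instead of trusting the token's `alg` header.
        const claim = await verifyPromised(token, key.pem)

        // NOTE(review): this writes the whole claim set to the log, including
        // the name and email fields read below; consider logging only
        // non-personal fields.
        console.info({ claim })

        // Require numeric time claims: comparing against a missing (undefined)
        // value is always false, which would let a token without `exp` pass.
        if (!Number.isFinite(claim.exp) || !Number.isFinite(claim.auth_time)) {
            throw new Error("claim is expired or invalid")
        }
        const currentSeconds = Math.floor(Date.now() / 1000)
        if (currentSeconds > claim.exp || currentSeconds < claim.auth_time) {
            throw new Error("claim is expired or invalid")
        }

        const cognitoIssuer = getCognitoIssuer()
        if (claim.iss !== cognitoIssuer) {
            throw new Error("claim issuer is invalid")
        }
        if (claim.token_use !== "access") {
            throw new Error("claim use is not access")
        }
        console.log(`claim confirmed for ${claim.username}`)

        result = {
            userName: claim.username.replace("AmazonFederate_", ""),
            clientId: claim.client_id,
            isValid: true,
            firstName: claim.given_name,
            lastName: claim.family_name,
            email: claim.email,
        }
    } catch (error) {
        console.log(error)
        // NOTE(review): the raw Error is handed back to the caller; make sure
        // it is not serialised into a client-facing response.
        result = {
            userName: "",
            clientId: "",
            error,
            isValid: false,
            firstName: "",
            lastName: "",
            email: "",
        }
    }
    return result
}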