Which of the following must the developer validate before the user data can be trusted?

By:
In: DVA-C01
Tagged:
With: 1 Comment
An application receives authenticated user data in the form of a JSON Web Token (JWT) from an Amazon Cognito user pool.A developer is setting up an Amazon API Gateway API to handle requests from the application and is using the token to verify the user’s identity.

Which of the following must the developer validate before the user data can be trusted?

The token’s nonce

The key ID in the token’s header

The token’s signature

The token’s issuer claim

Explanations:

The nonce is not a required field in a JWT, and its presence is more relevant for preventing replay attacks in specific contexts. Validating a nonce is not necessary for trusting user data from a Cognito JWT.

The key ID (kid) in the token’s header indicates which key was used to sign the JWT. While it is important for signature validation, it is not directly related to validating the trustworthiness of the user data itself.

Validating the token’s signature is essential for ensuring that the JWT has not been tampered with and that it was issued by a trusted source. This ensures the authenticity and integrity of the user data.

The token’s issuer claim (iss) is important for identifying the source of the token but does not directly ensure the integrity of the user data itself. It is a part of the validation process but not the sole determinant of trustworthiness.

2025-10-01

1 Comment

  1. Carol
    Author

    I surmise that the answer is:
    The token’s signature

Leave a Reply

Your email address will not be published. Required fields are marked *

17 − eight =