AWS Certified Developer – Associate — Question 236
An application receives authenticated user data in the form of a JSON Web Token (JWT) from an Amazon Cognito user pool. A developer is setting up an Amazon API Gateway API to handle requests from the application and is using the token to verify the user’s identity.
Which of the following must the developer validate before the user data can be trusted?
Answer options
- A. The token’s nonce
- B. The key ID in the token’s header
- C. The token's signature
- D. The token's issuer claim
Correct answer: C
Explanation
The correct answer is C, as validating the token's signature is essential to ensure that the token was issued by a trusted source and hasn't been altered. Options A, B, and D are important in other contexts, but they do not guarantee the integrity of the token itself, which is critical for trusting the user data.