[Cognito] App client_id is not validated for Cognito JWT (access_token)

I faced with an issue when using congito auth, app `client_id` is not validating during token verification. So you can path any ID and it will work.

```python

# pass some fake client_id
auth = Cognito(region=aws_region, userPoolId=aws_cognito_userpool_id, client_id='foo-bar')

# access_token - obtained from Cognito
http_auth = HTTPAuthorizationCredentials(scheme='Bearer', credentials=access_token)

await auth.verifier.verify_token(http_auth)
True
```

The problem is that `jwt.decode` (`jose` lib) doesn't expect `client_id` in token and since `aud` is not defined it skips validation.  

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[Cognito] App client_id is not validated for Cognito JWT (access_token) #76

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

[Cognito] App client_id is not validated for Cognito JWT (access_token) #76

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions