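const openssl = require('openssl-wrapper');
const axios = require('axios');

// Cognito user pool whose OIDC issuer is inspected; 'your-user-pool-id' is a placeholder.
const config = {
  region: 'us-east-1',
  userPoolId: 'your-user-pool-id',
};

getThumbprint()
  .then(console.log)
  .catch(console.error);

/**
 * Computes the certificate thumbprint for the TLS endpoint that serves the
 * Cognito user pool's JWKS document.
 *
 * Steps: fetch the pool's OpenID discovery document, read `jwks_uri`, open a
 * TLS connection to that host with `openssl s_client -showcerts`, take the
 * last PEM certificate in the output, and return its `openssl x509
 * -fingerprint` value with the label and colons stripped.
 *
 * Security notes for whoever registers the result as an OIDC trust anchor:
 * - NOTE(review): `openssl s_client` by default carries on after certificate
 *   verification errors, so the chain captured here is not authenticated by
 *   this call. Run it from a trusted network and compare the result with a
 *   value obtained out of band (or consider `-verify_return_error`).
 * - NOTE(review): no digest is passed to `x509 -fingerprint`, so the digest is
 *   whatever the local OpenSSL defaults to (presumably SHA-1; confirm).
 *
 * NOTE(review): `opensslAsync` is not defined in the visible part of this
 * file; presumably it is a promise-returning wrapper around `openssl` from
 * 'openssl-wrapper'. Confirm it exists before running.
 *
 * @returns {Promise<string>} Hex fingerprint without separators.
 * @throws {Error} If `jwks_uri` is not an https URL, if no complete PEM
 *   certificate is found in the s_client output, or if the fingerprint output
 *   is not plain hex. Errors from axios, `new URL` and openssl propagate.
 */
async function getThumbprint() {
  const PEM_BEGIN = '-----BEGIN CERTIFICATE-----';
  const PEM_END = '-----END CERTIFICATE-----';

  const oidcUrl = `https://cognito-idp.${config.region}.amazonaws.com/${config.userPoolId}`;
  const { data } = await axios.get(`${oidcUrl}/.well-known/openid-configuration`);
  const parsedJWKS = new URL(data.jwks_uri);

  // The thumbprint only makes sense for a TLS endpoint; refuse anything else
  // rather than fingerprinting an unrelated service.
  if (parsedJWKS.protocol !== 'https:') {
    throw new Error(`jwks_uri must use https, got: ${parsedJWKS.protocol}`);
  }

  // `host` would include an explicit port ("example.com:8443"), which breaks
  // both SNI and the "<host>:443" connect string; use hostname and port apart.
  const tlsHost = parsedJWKS.hostname;
  const tlsPort = parsedJWKS.port || '443';

  const certResponse = await opensslAsync('s_client', {
    servername: tlsHost,
    showcerts: true,
    connect: `${tlsHost}:${tlsPort}`,
  });
  const certString = Buffer.from(certResponse).toString();

  // Take the last PEM block printed by -showcerts.
  const begin = certString.lastIndexOf(PEM_BEGIN);
  const endMarkerAt = certString.lastIndexOf(PEM_END);
  if (begin === -1 || endMarkerAt === -1 || endMarkerAt < begin) {
    // Without this guard a -1 index would silently slice garbage out of the
    // output and hand it to `openssl x509`.
    throw new Error(`No complete PEM certificate in s_client output for ${tlsHost}:${tlsPort}`);
  }
  const cert = certString.slice(begin, endMarkerAt + PEM_END.length);

  const fingerprintResponse = await opensslAsync('x509', Buffer.from(cert), {
    fingerprint: true,
    noout: true,
  });

  // Output looks like "<digest> Fingerprint=AA:BB:..."; keep only the hex digits.
  const thumbprint = Buffer.from(fingerprintResponse)
    .toString()
    .replace(/^.*Fingerprint=/, '')
    .replace(/:/g, '')
    .trim();

  // A thumbprint that is not plain hex is unusable as a trust anchor; fail
  // loudly instead of returning unexpected openssl output.
  if (!/^[0-9A-Fa-f]+$/.test(thumbprint)) {
    throw new Error('Unexpected output from openssl x509 -fingerprint');
  }

  return thumbprint;
}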