cognito-passport-oauth2
Passport Cognito OAuth2 strategy for AWS Cognito User Pools. This supports providing congnito specific additional auth parameters. This is subclass of passport-oauth2 strategy.
Install
$ npm i cognito-passport-oauth2
Create Strategy
The strategy takes a verify
function, auth options
, and optional additional auth params
.
Find simple working example here.
const passport = require('passport'),
CognitoOAuth2Strategy = require('cognito-passport-oauth2');
passport.serializeUser(function (user, done) {
done(null, user);
});
passport.deserializeUser(async function (user, done) {
done(null, user);
});
const options = {
callbackURL: 'http://localhost:4001/auth/callbacks', //Your callback url
clientDomain: 'https://yourdomain.auth.eu-west-1.amazoncognito.com', //Your cognito user pool domain
clientID: 'your cognito app client id',
clientSecret: 'your cognito app client secret',
region: 'eu-west-1', //your region
passReqToCallback: true
};
//Indicates the provider that the end user should authenticate with.
//You can as well provide other custom auth params
const customOptions = { identity_provider: 'your idp name' };
async function verify(req, accessToken, refreshToken, { id_token }, profile, done) //if you need id_token, use this signature
or
async function verify(req, accessToken, refreshToken, profile, done) {
//Your additional user logic
let sessionData = {
username: profile.username
//additional props
}
return done(null, sessionData);
};
passport.use('cognito', new CognitoOAuth2Strategy(options, verify, customOptions));
or
passport.use('cognito', new CognitoOAuth2Strategy(options, verify)); //go to default cognito login page and let user choose the idp
Configure Route to Invoke Auth Requests
Use passport.authenticate()
, specifying the 'cognito'
strategy
app.get('/auth/login', passport.authenticate('cognito'));
or
app.get('/auth/login', passport.authenticate('cognito', additionalAuthParameters)); //Overwrite customOptions (see above) or provide additional auth params
app.get('/auth/callback', passport.authenticate('cognito', { failureRedirect: '/error', failureFlash: true, successRedirect: '/index' }));
Additional Details
Refer here for more information about configuring cognito app client