@factor-technology/cognito-passport-oauth2

v1.1.7

Published

10 months ago

A passport strategy to authenticate against an AWS Conginito User Pool OAuth 2.0 provider and get user profile, access token and ID token. This supports providing congnito specific additional auth parameters. This is subclass of passport-oauth2 strategy.

Downloads

0High
0Medium
0Low

hugh.winkler

passport cognito aws strategy oauth2 authentication express userpool cognito authentication authorization

cognito-passport-oauth2

Passport Cognito OAuth2 strategy for AWS Cognito User Pools. This supports providing congnito specific additional auth parameters. This is subclass of passport-oauth2 strategy.

Install

$ npm i cognito-passport-oauth2

Create Strategy

The strategy takes a verify function, auth options, and optional additional auth params. Find simple working example here.

const passport = require('passport'),
CognitoOAuth2Strategy = require('cognito-passport-oauth2');

passport.serializeUser(function (user, done) {
    done(null, user);
});

passport.deserializeUser(async function (user, done) {
    done(null, user);
});

const options = {
    callbackURL: 'http://localhost:4001/auth/callbacks', //Your callback url
    clientDomain: 'https://yourdomain.auth.eu-west-1.amazoncognito.com', //Your cognito user pool domain
    clientID: 'your cognito app client id',
    clientSecret: 'your cognito app client secret',
    region: 'eu-west-1', //your region
    passReqToCallback: true
};

//Indicates the provider that the end user should authenticate with. 
//You can as well provide other custom auth params 
const customOptions = { identity_provider: 'your idp name' };
 
 async function verify(req, accessToken, refreshToken, { id_token }, profile, done) //if you need id_token, use this signature
 or   
 async function verify(req, accessToken, refreshToken, profile, done) {
    //Your additional user logic

    let sessionData = {
        username: profile.username
        //additional props
    }

    return done(null, sessionData);
};

passport.use('cognito', new CognitoOAuth2Strategy(options, verify, customOptions));
or 
passport.use('cognito', new CognitoOAuth2Strategy(options, verify)); //go to default cognito login page and let user choose the idp

Configure Route to Invoke Auth Requests

Use passport.authenticate(), specifying the 'cognito' strategy

app.get('/auth/login', passport.authenticate('cognito'));
or
app.get('/auth/login', passport.authenticate('cognito', additionalAuthParameters)); //Overwrite customOptions (see above) or provide additional auth params

app.get('/auth/callback', passport.authenticate('cognito', { failureRedirect: '/error', failureFlash: true, successRedirect: '/index' }));

Additional Details

Refer here for more information about configuring cognito app client

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

cognito-passport-oauth2

Install

Create Strategy

Configure Route to Invoke Auth Requests

Additional Details