@ajayaldo/passport-cognito-oauth2 v1.0.3
passport-oauth2-cognito
Passport Cognito OAuth2 Authorization Code Grant Flow strategy for authenticating against an AWS Cognito User Pool. It supports providing Cognito-specific additional auth parameters. It is a subclass of the passport-oauth2 strategy.
Install
$ npm i @ajayaldo/passport-cognito-oauth2
Configure
Create Strategy
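The strategy requires a `verify` callback, which accepts the credentials returned by the provider (access token, refresh token and profile) and calls `done` providing a user, as well as `options` specifying a consumer key, consumer secret, and callback URL (`clientID`, `clientSecret` and `callbackURL` in the example below).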
const passport = require('passport'),
CognitoOAuth2Strategy = require('@ajayaldo/passport-cognito-oauth2');
// Session (de)serialization. Both hooks pass the user object through
// unchanged, so whatever verify() hands to done() is stored in the session
// as-is and restored as req.user on later requests. Keep that object small
// and free of tokens or other secrets.
passport.serializeUser((user, done) => {
  done(null, user);
});

passport.deserializeUser(async (user, done) => {
  done(null, user);
});
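// Strategy configuration. All string values are placeholders to replace.
const options = {
  // Must match, character for character, both the route that handles the
  // redirect in this app ('/auth/callback') and the callback URL registered
  // on the Cognito app client. Plain http is only suitable for localhost
  // development; use https everywhere else.
  callbackURL: 'http://localhost:4001/auth/callback',
  // Your Cognito user pool domain.
  clientDomain: 'https://yourdomain.auth.eu-west-1.amazoncognito.com',
  clientID: 'your cognito app client id',
  // Placeholder only: in a real deployment read the secret from the
  // environment or a secrets manager instead of committing it to source.
  clientSecret: 'your cognito app client secret',
  region: 'eu-west-1',
  // Makes the strategy pass `req` as the first argument of verify().
  passReqToCallback: true,
  // NOTE(review): passport-oauth2 can generate and check the OAuth `state`
  // parameter when `state: true` is set and session middleware is installed,
  // which ties the callback to the login request that started it. Confirm
  // this subclass honours that option before relying on it.
};

// Extra Cognito-specific authorization parameters; handed to the strategy
// constructor as its third argument.
const customOptions = { identity_provider: 'your idp name' };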
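/**
 * Verify callback invoked by the strategy after the token exchange.
 *
 * Builds the object that becomes the session user and reports it through
 * `done`. Only the fields copied into `sessionData` reach the session; the
 * access and refresh tokens are not stored by this example.
 *
 * @param {object} req - Incoming request (present because `passReqToCallback` is true).
 * @param {string} accessToken - Access token issued for the user.
 * @param {string} refreshToken - Refresh token issued for the user.
 * @param {object} profile - User profile; `profile.username` is read here.
 * @param {Function} done - Passport callback: `done(err)` or `done(null, user)`.
 * @returns {Promise<*>} Resolves with whatever `done` returns.
 */
async function verify(req, accessToken, refreshToken, profile, done) {
  let sessionData;
  try {
    // Your additional user logic
    sessionData = {
      username: profile.username,
      // additional props
    };
  } catch (err) {
    // This is an async function, so a throw here would otherwise turn into an
    // unhandled rejection and `done` would never run, leaving the login
    // request hanging. Report the failure to Passport instead.
    return done(err);
  }
  return done(null, sessionData);
}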
// Register the strategy under the name 'cognito'; the same name is what
// passport.authenticate('cognito') refers to in the routes.
const cognitoStrategy = new CognitoOAuth2Strategy(options, verify, customOptions);
passport.use('cognito', cognitoStrategy);
Configure Route to Invoke Auth Requests
Use `passport.authenticate()`, specifying the `'cognito'` strategy.
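// Starts the login: sends the browser to the Cognito authorization endpoint.
authenticationRouter
  .route('/auth')
  .get(passport.authenticate('cognito'));

// Handles the redirect back from Cognito. In the authorization code flow the
// browser is redirected to the callback URL with the code in the query
// string, i.e. as a GET request, so the handler is registered for GET.
// The path must match `callbackURL` in the strategy options and the callback
// URL configured on the Cognito app client.
// NOTE(review): `failureFlash: true` relies on flash-message middleware
// (req.flash) being installed; confirm the app provides it.
authenticationRouter
  .route('/auth/callback')
  .get(passport.authenticate('cognito', { failureRedirect: '/', failureFlash: true }));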
Additional Details
Refer here to get more information about configuring a cognito app client