An example implementation of AWS Cognito with a Web Application using pure JavaScript (no SDK)
Please refer to the following blog entry for a detailed walk-through of this example code:
- Online: Published 2022-06-06
- GitHub: Source for the blog post dated 2022-06-06
This code base is not suitable for production environments.
Please note that the following known security issues exist:
- No verification of any of the JWT tokens is done
- The `state` is never validated within the flow
- No specific security measures have been taken to protect any private data
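One way to close the `state` gap listed above, shown as an added example that is not part of this repository's code. It assumes the authorization code flow through Cognito's `/oauth2/authorize` endpoint; `STATE_KEY` and the function names are hypothetical, and the storage and random source are parameters so the logic can run outside a browser.

```javascript
// Added example, not the repository's code. STATE_KEY and all function names are hypothetical.
const STATE_KEY = "oauth_state";

// Generate an unguessable per-login state and remember it for this tab.
function createState(storage = globalThis.sessionStorage, rng = globalThis.crypto) {
  const bytes = rng.getRandomValues(new Uint8Array(32));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  storage.setItem(STATE_KEY, state);
  return state;
}

// Build the Hosted UI authorization request carrying that state.
function buildLoginUrl(authDomain, clientId, redirectUri, state) {
  const url = new URL("/oauth2/authorize", authDomain);
  url.search = new URLSearchParams({
    response_type: "code", // assumption: authorization code flow
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
  }).toString();
  return url.toString();
}

// Compare without returning early at the first differing character.
function sameString(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// On the redirect back: the stored state is single-use, and the code is
// only returned when the state in the URL matches it.
function consumeCallback(callbackUrl, storage = globalThis.sessionStorage) {
  const params = new URL(callbackUrl).searchParams;
  const expected = storage.getItem(STATE_KEY);
  storage.removeItem(STATE_KEY);
  const received = params.get("state");
  if (!expected || !received || !sameString(expected, received)) {
    throw new Error("state mismatch: discarding authorization response");
  }
  const code = params.get("code");
  if (!code) throw new Error("callback carries no authorization code");
  return code;
}
```

Because the stored value is removed on first use, a replayed callback URL is rejected even when its `state` was once valid.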
Basic steps:
Step 1: Update your Cognito configuration in webapp.js
```javascript
var awsRegion = "PLEASE-SET-ME"; // Example: eu-central-1
var cognitoUserPoolId = "PLEASE-SET-ME"; // Example: eu-central-1_XXXXXXXXX (this example does not point to a real ID)
var cognitoClientId = "PLEASE-SET-ME"; // Example: 1234567890abcdefghijklomnp (this example does not point to a real ID)
var cognitoAuthDomain = "PLEASE-SET-ME"; // Example: https://your-subdomain.auth.eu-central-1.amazoncognito.com
```
Please note that the above information is not considered "secret": it is part of the web application's configuration, which runs in the browser and is therefore visible to potentially any user of the web application.
Depending on how you configured your user pool and application, DO NOT save a client secret here - it is not used in web applications. Read more here...
Step 2: Start an Nginx Docker Instance
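```shell
# Serve the current directory on http://localhost:8080 (quoted so paths with spaces work)
docker run --rm -p 8080:80 -v "$(pwd)":/usr/share/nginx/html nginx:latest
```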
Step 3: Point your browser to http://localhost:8080/index.html