/aws-cognito-pure-js-example

An example implementation of AWS Cognito with a Web Application using pure JavaScript (no SDK)

Please refer to the following BLOG entry for the detailed walk-through of this example code:

Security Information

This code base is not suitable for production environments.

Please note that the following known security issues exist:

  • No verification of any of the JWT tokens is done
  • The state is never validated within the flow
  • No specific security measures have been taken to protect any private data

Local Testing Quick Start

Basic steps:

Step 1: Update your Cognito configuration in webapp.js

var awsRegion = "PLEASE-SET-ME";            // Example: eu-central-1
var cognitoUserPoolId = "PLEASE-SET-ME";    // Example: eu-central-1_XXXXXXXXX (this example does not point to a real ID)
var cognitoClientId = "PLEASE-SET-ME";      // Example: 1234567890abcdefghijklomnp (this example does not point to a real ID)
var cognitoAuthDomain = "PLEASE-SET-ME";    // Example: https://your-subdomain.auth.eu-central-1.amazoncognito.com

Please note that the above values are not considered "secret": they are part of the web application's configuration, which runs in the browser and is therefore visible to potentially any user of the web application.

Depending on how you configured your user pool and application, DO NOT save a client secret here - it is not used in web applications. Read more here...

Step 2: Start an Nginx Docker Instance

docker run --rm -p 8080:80 -v "$(pwd)":/usr/share/nginx/html nginx:latest

Step 3: Point your browser to http://localhost:8080/index.html