By using AWS re:Post, you agree to the Terms of Use

Cognito Hosted UI, using code flow and refresh with an SDK?


I have setup the hosted Cognito sign-in UI using the authorisation code flow (and a user pool) with a redirect to a simple html/JS/CSS website app. I have played successfully with using the auth code thats returned on redirect and making calls to get the access token and refresh etc, though rather crude JS code of mine. However I have been trying to figure out if I can use a Cogntio JS SDK that would help me implement some of these tasks without having to use my own JS code, specifically around refresh to check the user is signed in (currently on page refresh I have issues), sign-out, validation and also a secure way to save JWT tokens on browser side.

As part of my web application I am using API gateway and Lambda using JWT authoriser to provide backend logic/services. This works well.

Any help/advice would be appreciated.

1 Answers

There's a community create library called Amazon Cognito Identity SDK for JavaScript, did you tried using that?

Just be aware that store JWT directly in the browser is not secure, you will need yo use a cookie with a HttpOnly only flag.

I know your answer is concerning the Cognito Hosted UI, but you tried to see if your web application could leverage AWS Amplify Auth? It uses Cognito and has a lot of helpers built-in and if you are using a specific framework simple ways to customize your own UI.

profile picture
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions