CodyBugstein

Reputation: 23322

How do you use AWS Cognito with a custom NodeJS server?

I am building an app using Angular and NodeJS.

I've heard about AWS Cognito and would like to use it in my app. However, it is very unclear in the documentation how it is supposed to work.

There is an example on how to use Cognito with an Angular SPA, but there is no word on how I can use it to authenticate users on my backend NodeJS server.

How is NodeJS supposed to know if a user is logged in? I can think of several possible answers, but none appear in the documentation and there is surprisingly no code sample. So I decided to ask here before investing a lot of time in trial and error.

Upvotes: 2

Views: 1252

Answers (1)

Ashan

Reputation: 19748

You can use AWS Cognito Userpools in your backend NodeJS server to authenticate users. The steps are as follows.

  • Create a Cognito Userpool and set up an App Client.
  • Create a Cognito Userpool (optionally Cognito Federated Identities if you want your users to directly allow controlled access to AWS services).
  • Configure Cognito Hosted UI (built-in Signin page and optionally Signup page).
  • For user Signin, redirect the user to this Domain URL for Signin.
  • Set up an App Client with redirect URLs to your App for OAuth2 flow.
  • After user Signin, you will receive an id_token (e.g., in implicit grant flow) in the URL, which you can forward to your NodeJS server, where you can validate it using NodeJS middleware.
  • You can decide whether to store the id_token in a cookie or in browser storage and implement the storage and validation accordingly for subsequent requests.

Note: Since the id_token is a standard JavaScript Web Token (JWT), you can find a library to validate it. Refer to the AWS documentation "Using Tokens with User Pools" for more details.

Upvotes: 4
