amazon-cognito-identity-js on React frontend

Question

Is it safe to use amazon-cognito-identity-js on a frontend application given that it will have your user pool and client ID?

I am trying to use Cognito in my React app (with a Python backend). I was hoping to keep the Cognito services on the frontend and have my backend authenticate on the users token. Is this possible with amazon-cognito-identity-js or should I instead use Amplify? (Or is there an SDK I can use for my Python backend for Cognito?)

Answer 1

I've found this answer which seems to explain how user pool and client ID are not secrets and can be stored on a frontend service. So the answer is yes, it is safe.