Skip to main content

AWS Cognito Login with Embedded Wallets

AWS Cognito is a scalable authentication service provided by Amazon Web Services that enables developers to securely manage user sign-up, sign-in, and access control. Web3Auth supports AWS Cognito as a service provider, allowing seamless integration between AWS Cognito’s authentication capabilities and Web3Auth’s decentralized key management infrastructure.

AWS Cognito supports a wide set of social logins.

Create an AWS Cognito application

To begin the integration process, developers must first create a new AWS Cognito application using the AWS Management Console. This initial setup is required before configuring the connection within Web3Auth.

Once the AWS Cognito application is created, developers can proceed to add it as a custom connection in the dashboard.

Learn how to set up AWS Cognito.

Create an AWS Cognito connection

Create AWS Cognito Connection

To use this feature, developers must go to the Custom Connections tab in the dashboard.

Custom Connection Options

Follow these steps to create a AWS Cognito connection:

  1. Visit the dashboard.
  2. Go to the Custom Connections section.
  3. Click on the Settings icon near the AWS Cognito connection.
  4. Enter the Cognito Connection ID.
  5. Paste https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}/.well-known/jwks.json as JWKS Endpoint.
  6. Paste a sample JWT Token to auto populate the best JWT validations possible.
  7. Select the JWT user identifier: email, sub or custom.
  8. Toggle the Case Sensitivity of User Identifier. (Optional)
  9. Click on Add Custom Validations to add validations manually.
    1. Type iss as a field and https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID} as a value.
    2. Next, type aud as a field and APP_CLIENT_ID as a value.
  10. Finally, click on the Add Connection button.

Note: Replace the REGION, USER_POOL_ID and APP_CLIENT_ID with your Cognito specific details.

AWS Cognito Connection

Usage

Since, the AWS Cognito Connection details are available from the dashboard, developers don't need to pass any additional parameters to the Web3AuthProvider.

Follow our quickstart to set up the basic flow.

Log in with AWS Cognito

web3authContext.tsx
await connectTo(WALLET_CONNECTORS.AUTH, {
  authConnection: AUTH_CONNECTION.CUSTOM,
  authConnectionId: "w3a-cognito-demo",
  extraLoginOptions: {
    clientId: import.meta.env.VITE_COGNITO_CLIENT_ID,
    domain: "https://shahbaz-web3auth.auth.ap-south-1.amazoncognito.com",
    verifierIdField: "email",
    response_type: "token",
    scope: "email profile openid",
  },
});
On this page