This sample application shows some basic functionality written against AWS Cognito. The following functionality is covered;
- User registration
- User login
- Accessing a secured page if logged in
- Resetting a forgotten password
- Logout
The application is written in PHP. I've tried to keep the code as simple as possible so that it can be used as an example for other languages as well. In addition, I have written a blog post where I explain how to get started with AWS Cognito. There you will find more theory and background about how to implement AWS Cognito.
The steps to get started are divided in two sections;
First we will set up a new AWS Cognito user pool with the correct configuration.
- Visit your AWS console and go to the AWS Cognito service. Click on "Manage your User Pools" and click "Create a User Pool".
- Specify a name for your pool and click "Review Defaults".
- Optional: edit the password policy to remove some of the requirements. If you are just testing, using simple passwords will make it easier.
- Click the "edit client" link. Specify a name for your app and be sure to disable the client secret and enable the ADMIN_NO_SRP_AUTH option.
- Click "Create pool". Take note of the Pool Id at the top of the page and click on the apps page. Here, take note of the App client id.
- Create a new file called
.env
next to the Dockerfile. Add the AWS region you are using, the pool ID and the client ID to this file. For the proper format, see below. - There are two methods for setting up the required AWS credentials for communicating with the AWS CLI:
- The recommended way is to spin up an EC2 instance with a role. You then assign the correct permissions to this role.
- If you want to spin up the application outside of AWS, you will need an AWS user. Create an AWS User and get the access token and secret key. Add these to the .env file (see below).
- For testing, you can attach the
AmazonCognitoPowerUser
policy to either the created role or the user.
That should be it! The format is the .env file is as follows:
REGION=eu-west-1
CLIENT_ID=eu-west-1_abc123
USERPOOL_ID=abc123
AWS_ACCESS_KEY_ID=123 (Optional)
AWS_SECRET_ACCESS_KEY=abc (Optional)
With the AWS Cognito user pool set up and the correct configuration added to the .env
file, we can start the application.
- Install Docker and Install Docker Compose. As mentioned, it is recommended to run the application on an EC2 instance so you don't need AWS access credentials.
- Clone this repository:
git clone https://github.com/SanderKnape/aws-cognito-app.git
- Cd into the git repository and spin up the application with
docker-compose up -d
. - The application is now running on port 80. Check it out! You will be able to create a user (with your correct e-mailaddress to receive the token), confirm the signup, login, and more.