A Matter of Authentication

Published: February 17, 2026 at 09:35 PM EST
Source: Dev.to

Overview

AWS Cognito is the managed authentication service I use to keep the website I develop secure. I only want users I have personally set up to be able to log in. Because I’m not an IAM specialist and don’t need enterprise‑scale Active Directory or custom authorizers for my APIs, Cognito fits the bill perfectly.

User Pools and Identity Pools

  • User Pools let you federate identities from providers such as GitHub, assign scopes/roles, or manage identities locally within the pool.
  • Application clients in a User Pool can power a single‑page application and support machine‑to‑machine (M2M) authentication via OAuth 2.0, which is handy for agentic applications that need secure access to tooling.
  • After creating a User Pool, you can optionally use it as an identity provider for an Identity Pool to grant authenticated users direct access to AWS resources. My website does not require this, so I won’t be creating an Identity Pool.

Testing with HTTP API Gateway

I’m using this opportunity to try HTTP API Gateway endpoints (as opposed to the REST APIs I’ve used before). The plan is to configure a Cognito User Pool app client to issue JWT tokens for my API. I followed a blog post (link omitted) to make it work.

Configuration

Below are the environment variables needed for the Cognito authentication setup.

# Cognito Authentication Configuration

# Cognito User Pool Domain (without the .auth.region.amazoncognito.com part)
VITE_COGNITO_DOMAIN=your-cognito-domain

# Cognito User Pool App Client ID
VITE_COGNITO_CLIENT_ID=your-cognito-client-id   # e.g., 1a2b3c4d5e6f7g8h9i0j1k2l3m

# AWS Region (optional – defaults to us-east-1)
VITE_AWS_REGION=us-east-1

# Redirect URI after successful login (optional – defaults to current origin)
VITE_COGNITO_REDIRECT_URI=http://localhost:3000
# For production:
# VITE_COGNITO_REDIRECT_URI=https://your-domain.com
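How these four settings feed the sign-in request, as an added example that is not code from the original post. It assumes the authorization code flow with PKCE against the Cognito hosted UI's /oauth2/authorize endpoint; the function names, the scope list and the sample values are hypothetical.

```javascript
// Added example: constructed values, hypothetical function names.
// Runs under Node; in the browser, crypto.subtle.digest and
// crypto.getRandomValues provide the same primitives.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");
const b64url = (buf) => buf.toString("base64url");

// Apply the same defaults the env file documents.
function loadConfig(env, currentOrigin) {
  if (!env.VITE_COGNITO_DOMAIN || !env.VITE_COGNITO_CLIENT_ID) {
    throw new Error("VITE_COGNITO_DOMAIN and VITE_COGNITO_CLIENT_ID are required");
  }
  const region = env.VITE_AWS_REGION || "us-east-1";
  const redirectUri = env.VITE_COGNITO_REDIRECT_URI || currentOrigin;
  const parsed = new URL(redirectUri);
  // Plain http is acceptable only for local development.
  if (parsed.protocol !== "https:" && parsed.hostname !== "localhost") {
    throw new Error("redirect URI must use https outside localhost");
  }
  return {
    base: `https://${env.VITE_COGNITO_DOMAIN}.auth.${region}.amazoncognito.com`,
    clientId: env.VITE_COGNITO_CLIENT_ID,
    redirectUri, // sent unchanged: it must match the registered callback URL exactly
  };
}

// RFC 7636 S256: BASE64URL(SHA-256(ASCII(code_verifier))).
const pkceChallenge = (verifier) =>
  b64url(nodeCrypto.createHash("sha256").update(verifier, "ascii").digest());

function startLogin(cfg, scopes = ["openid", "email"]) {
  const verifier = b64url(nodeCrypto.randomBytes(32)); // kept until the token exchange
  const state = b64url(nodeCrypto.randomBytes(16));    // binds the callback to this request
  const url = new URL("/oauth2/authorize", cfg.base);
  url.search = new URLSearchParams({
    response_type: "code", client_id: cfg.clientId, redirect_uri: cfg.redirectUri,
    scope: scopes.join(" "), state,
    code_challenge: pkceChallenge(verifier), code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), verifier, state };
}

// Returns the authorization code only when the state round-trips intact.
function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get("error")) throw new Error(`login failed: ${params.get("error")}`);
  if (!expectedState || params.get("state") !== expectedState) throw new Error("state mismatch");
  if (!params.get("code")) throw new Error("authorization code missing");
  return params.get("code");
}
```

Everything prefixed VITE_ is compiled into the client bundle, so only public values such as the app client ID belong in this file; an app client secret does not.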