Skip to main content

AWS Cognito Login with Embedded Wallets

AWS Cognito is a scalable authentication service provided by Amazon Web Services that enables developers to securely manage user sign-up, sign-in, and access control. Web3Auth supports AWS Cognito as a service provider, allowing seamless integration between AWS Cognito’s authentication capabilities and Web3Auth’s decentralized key management infrastructure.

Take a look at the supported social logins on AWS Cognito

Create an AWS Cognito Application

To begin the integration process, developers must first create a new AWS Cognito application using the AWS Management Console. This initial setup is required before configuring the connection within Web3Auth.

Once the AWS Cognito application is created, developers can proceed to add it as a custom connection in the Embedded Wallets Dashboard.

Learn how to set up AWS Cognito.

Create an AWS Cognito Connection

Create AWS Cognito Connection on Dashboard

To use this feature, developers must go to the Custom Connections tab in the Embedded Wallets Dashboard.

Custom Connection Options

Follow these steps to create a AWS Cognito connection:

  1. Visit the Embedded Wallets Dashboard.
  2. Go to the Custom Connections section.
  3. Click on the Settings icon near the AWS Cognito connection.
  4. Enter the Cognito Connection ID.
  5. Paste https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}/.well-known/jwks.json as JWKS Endpoint.
  6. Paste a sample JWT Token to auto populate the best JWT validations possible.
  7. Select the JWT user identifier: email, sub or custom.
  8. Toggle the Case Sensitivity of User Identifier. (Optional)
  9. Click on Add Custom Validations to add validations manually.
    1. Type iss as a field and https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID} as a value.
    2. Next, type aud as a field and APP_CLIENT_ID as a value.
  10. Finally, click on the Add Connection button.

Note: Replace the REGION, USER_POOL_ID and APP_CLIENT_ID with your Cognito specific details.

AWS Cognito Connection

Usage

Since, the AWS Cognito Connection details are available from Dashboard, developers don't need to pass any additional parameters to the Web3AuthProvider.

Follow our Quick Starts to setup the basic flow.

Login with AWS Cognito

web3authContext.tsx
await connectTo(WALLET_CONNECTORS.AUTH, {
  authConnection: AUTH_CONNECTION.CUSTOM,
  authConnectionId: "w3a-cognito-demo",
  extraLoginOptions: {
    clientId: import.meta.env.VITE_COGNITO_CLIENT_ID,
    domain: "https://shahbaz-web3auth.auth.ap-south-1.amazoncognito.com",
    verifierIdField: "email",
    response_type: "token",
    scope: "email profile openid",
  },
});
On this page