Add the ability to customize the domain used for token cookies.
```typescript
// Configuration
const authenticator = new Authenticator({
  region: 'us-east-1', // user pool region
  userPoolId: 'us-east-1_tyo1a1FHH', // user pool ID
  userPoolAppId: '63gcbm2jmskokurt5ku9fhejc6', // user pool app client ID
  userPoolDomain: 'domain.auth.us-east-1.amazoncognito.com', // user pool domain
  // New property
  cookieDomain: 'training.aws.dev',
});
```

```typescript
// Place in index.ts where it's going to be used
return this._fetchTokensFromCode(redirectURI, requestParams.code)
  .then(tokens => this._getRedirectResponse(
    tokens,
    // Updated param
    this._cookieDomain || cfDomain,
    requestParams.state as string
  ));
```
Why is this needed:
We are planning to use this library for our new authentication gateway application. As opposed to the intended use case of this library, which is to use the handle method to gate static S3 files behind an authentication gate, we are planning to use the individual handler methods directly in our app. This auth gateway app will be a set of Lambda@Edge handlers that work as an intermediary between React frontend clients and AWS Cognito to do:
- authentication duties,
- exchange code for tokens, and
- sending tokens as HttpOnly cookies, which clients can use to communicate with some Amazon internal APIs

Handlers
- /signIn: Mapped to the existing method _getRedirectToCognitoUserPoolResponse
- /parseAuth: Mapped to existing method _fetchTokensFromCode
- /refreshToken: Mapped to existing method _fetchTokensFromRefreshToken

In our CloudFront distribution setup, we'd do something like
Slack or email me on vikred@amazon.com for additional details
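
An added example, not part of the original issue or the library's code: one way to validate a configured `cookieDomain` against the request host before using it in the `this._cookieDomain || cfDomain` fallback, and to emit the token cookies with the resulting `Domain` attribute. The helper names, cookie names and the host `app.training.aws.dev` are assumptions made for illustration.

```typescript
// Added example; function names and cookie names are hypothetical, not the library's API.

// Strip a leading dot and lowercase, as browsers do when parsing Domain=.
function normalizeDomain(domain: string): string {
  return domain.toLowerCase().replace(/^\./, '');
}

// RFC 6265 section 5.1.3 domain-match: a host may set a cookie only for itself
// or for one of its parent domains. This check does not consult the Public
// Suffix List, so a suffix such as "dev" must still be rejected by config review.
function domainMatches(host: string, cookieDomain: string): boolean {
  const h = host.toLowerCase();
  const d = normalizeDomain(cookieDomain);
  return h === d || h.slice(-(d.length + 1)) === '.' + d;
}

// Same fallback as `this._cookieDomain || cfDomain`, but fails loudly when the
// configured domain does not cover the request host; a browser would silently
// drop such a cookie and the sign-in flow would loop.
function resolveCookieDomain(cookieDomain: string | undefined, cfDomain: string): string {
  if (!cookieDomain) {
    return cfDomain;
  }
  if (!domainMatches(cfDomain, cookieDomain)) {
    throw new Error('cookieDomain ' + cookieDomain + ' does not cover host ' + cfDomain);
  }
  return normalizeDomain(cookieDomain);
}

// One Set-Cookie value per token. Setting Domain to a parent domain sends the
// cookie to every subdomain of it, so the parent should be as narrow as the
// clients allow; HttpOnly keeps the tokens out of reach of page scripts.
function buildTokenCookies(tokens: { [name: string]: string }, domain: string, maxAgeSeconds: number): string[] {
  return Object.keys(tokens).map((name) => [
    name + '=' + encodeURIComponent(tokens[name]),
    'Domain=' + domain,
    'Path=/',
    'Max-Age=' + maxAgeSeconds,
    'Secure',
    'HttpOnly',
  ].join('; '));
}

// Constructed sample: gateway served from a subdomain of the configured domain.
const sampleCookies: string[] = buildTokenCookies(
  { idToken: 'constructed.sample.token' },
  resolveCookieDomain('training.aws.dev', 'app.training.aws.dev'),
  3600,
);
```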