{"id":13625314,"url":"https://github.com/awslabs/cognito-proxy-rest-service","last_synced_at":"2025-04-16T06:32:20.363Z","repository":{"id":66103510,"uuid":"102894163","full_name":"awslabs/cognito-proxy-rest-service","owner":"awslabs","description":"Moving the Amazon Cognito functionality down the stack to the backend. Ideal for migration purposes and extremely custom Auth functionality. ","archived":false,"fork":false,"pushed_at":"2020-04-17T20:59:55.000Z","size":140,"stargazers_count":61,"open_issues_count":0,"forks_count":13,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-08-01T22:04:46.760Z","etag":null,"topics":["aws","aws-apigateway","aws-cloudformation","aws-cognito","aws-lambda","aws-sam","cognito","cognito-quickstart","cognito-user-pool","kotlin","rest-api","webservice","webservices"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/awslabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-09-08T18:49:19.000Z","updated_at":"2024-02-01T21:44:01.000Z","dependencies_parsed_at":"2023-02-26T22:46:42.118Z","dependency_job_id":null,"html_url":"https://github.com/awslabs/cognito-proxy-rest-service","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/awslabs%2Fcognito-proxy-rest-service","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/awslabs%2Fcognito-proxy-rest-service/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/awslabs%2Fcognito-proxy-rest-service/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/awslabs%2Fcognito-proxy-rest-service/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/awslabs","download_url":"https://codeload.github.com/awslabs/cognito-proxy-rest-service/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223700351,"owners_count":17188304,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-apigateway","aws-cloudformation","aws-cognito","aws-lambda","aws-sam","cognito","cognito-quickstart","cognito-user-pool","kotlin","rest-api","webservice","webservices"],"created_at":"2024-08-01T21:01:53.872Z","updated_at":"2024-11-08T14:30:57.691Z","avatar_url":"https://github.com/awslabs.png","language":"Kotlin","funding_links":[],"categories":["Kotlin"],"sub_categories":[],"readme":"## Cognito Proxy Rest Service\n\n### Author: Vladimir Budilov\n* [YouTube](https://www.youtube.com/channel/UCBl-ENwdTlUsLY05yGgXyxw)\n* [LinkedIn](https://www.linkedin.com/in/vbudilov/)\n* [Medium](https://medium.com/@budilov)\n* [Twitter](https://twitter.com/VladimirBudilov)\n\n### What is it? \nIt's a set of [AWS Lambda](https://aws.amazon.com/lambda/) functions that, once deployed using the provided [SAM](https://github.com/awslabs/serverless-application-model) template, act as \nan [Amazon Cognito](https://aws.amazon.com/cognito/) proxy. \n\n*Note: In most cases you should consider using the SDKs directly on the client side, without using a proxy, especially \nif your business use-case allows it*\n\n### Why was this project created? \n* One-at-a-time user migration, described [here](https://aws.amazon.com/blogs/mobile/migrating-users-to-amazon-cognito-user-pools/)\n* Serves as a guide on how to use the Cognito Admin Java SDK\n* A QuickStart for anyone trying out Cognito without the need to significantly modify the UI\n    * *Cognito provides [SDKs](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) that lets you integrate Cognito on the UI, and that is the recommended way for interacting with this service, but if you are limited in how much you can modify your UI at this time, you can utilize this Cognito proxy* \n\n### Prerequisites\nYou need to already have or [create a new Cognito User Pool](https://docs.aws.amazon.com/cognito/latest/developerguide/create-new-user-pool-console-quickstart.html). For migration purposes, you might want to disable the email/phone verification, otherwise\nevery newly-created user will receive an email with a confirmation code. \n\n### Deployment\n[SAM](https://github.com/awslabs/serverless-application-model/blob/master/HOWTO.md) is used to deploy the project. \nThe AWS Lambda functions use environment variables for easier deployments. These are the 3 parameters that you will need to pass in: \n\n\nProperty | Description \n--- | --- \nRegionParameter | region where the Lambda functions will be deployed to \nCognitoUserPoolIdParameter | Cognito User Pool Id \nCognitoAppClientIdParameter | Cognito App Client Id\nCognitoAutoconfirmUserParameter | Set to 'true' to auto-confirm newly signed-up users and auto-verify their emails\n\n\n##### Build and deploy\n```\n# Build the code\n./gradlew jar\n\n# Package it\naws cloudformation package --template-file sam.yaml --s3-bucket YOUR_BUCKET_NAME --output-template-file /tmp/UpdatedSAMTemplate.yaml\n\n# Deploy it\naws cloudformation deploy --template-file /tmp/UpdatedSAMTemplate.yaml --stack-name auth-stack \\ \n    --parameter-overrides \\\n        RegionParameter=REGION \\\n        CognitoUserPoolIdParameter=REGION_xxxxxxxxx \\\n        CognitoAppClientIdParameter=xxxxxxxxxxxxxxxxxxxxx \\\n        CognitoAutoconfirmUserParameter=true \\\n    --capabilities CAPABILITY_IAM\n\n```\n\n### Test the Flows\n\n```\nexport SAMPLE_EMAIL=myemail@email.com\nexport SAMPLE_PASSWORD=myPassword**^1\nexport REGION=us-east-1\nexport API_GATEWAY_ID=your-api-gateway-url\n\n# Signup\ncurl -XPOST 'https://$API_GATEWAY_ID.execute-api.$REGION.amazonaws.com/Prod/signup' --header \"username: $SAMPLE_EMAIL\" --header \"password: $SAMPLE_PASSWORD\"\n\n# SignIn\ncurl -XPOST 'https://$API_GATEWAY_ID.execute-api.$REGION.amazonaws.com/Prod/admin/signin' --header \"username: $SAMPLE_EMAIL\" --header \"password: $SAMPLE_PASSWORD\"\n\n# Refresh Tokens\ncurl -XPOST 'https://$API_GATEWAY_ID.execute-api.$REGION.amazonaws.com/Prod/admin/refresh' --header \"refreshToken: JWT_REFRESH_TOKEN\"\n\n# Check if the token is valid\ncurl -XGET 'https://$API_GATEWAY_ID.execute-api.$REGION.amazonaws.com/Prod/token/valid' --header \"idToken: JWT_ID_TOKEN\"\n\n# Reset Password\ncurl -XPOST 'https://$API_GATEWAY_ID.execute-api.$REGION.amazonaws.com/Prod/password/reset' --header \"username: $SAMPLE_EMAIL\"\n\n# Create a new password\ncurl -XPOST 'https://$API_GATEWAY_ID.execute-api.$REGION.amazonaws.com/Prod/password/confirm' --header \"username: $SAMPLE_EMAIL\" --header \"password: $SAMPLE_PASSWORD\" --header \"confirmationCode: CONFIRMATION_CODE\"\n\n# Update User Attribute\ncurl -XPOST 'https://$API_GATEWAY_ID.execute-api.$REGION.amazonaws.com/Prod/admin/user/attribute' --header \"idToken: JWT_ID_TOKEN\" --header \"attributeName: name\" --header \"attributeValue: Vladimir Budilov\"\n\n# Delete User\ncurl -XDELETE 'https://$API_GATEWAY_ID.execute-api.$REGION.amazonaws.com/Prod/admin/user' --header \"idToken: JWT_ID_TOKEN\" \n\n```\n\n##### The following endpoints are only valid when MFA verification is turned on. Not valid for a seamless migration experience for customers, but still good to showcase this functionality \n```\n# Resend Confirmation Code \ncurl -XPOST 'https://$API_GATEWAY_ID.execute-api.$REGION.amazonaws.com/Prod/resendcode' --header \"username: $SAMPLE_EMAIL\"\n\n# Confirm SignUp\ncurl -XPOST 'https://$API_GATEWAY_ID.execute-api.$REGION.amazonaws.com/Prod/confirmsignup' --header \"username: $SAMPLE_EMAIL\" --header \"confirmationCode: CONFIRMATION_CODE\"\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fawslabs%2Fcognito-proxy-rest-service","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fawslabs%2Fcognito-proxy-rest-service","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fawslabs%2Fcognito-proxy-rest-service/lists"}