{"id":22724789,"url":"https://github.com/mridang/example-cognito","last_synced_at":"2026-05-03T15:34:41.053Z","repository":{"id":241673426,"uuid":"806891623","full_name":"mridang/example-cognito","owner":"mridang","description":"An example project to toy around with AWS Cognito","archived":false,"fork":false,"pushed_at":"2026-01-13T03:40:32.000Z","size":7133,"stargazers_count":0,"open_issues_count":6,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-01-13T06:49:30.305Z","etag":null,"topics":["aws","aws-cognito","cloudformation","demo","example","nestjs","serverless"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mridang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-05-28T05:38:07.000Z","updated_at":"2026-01-09T06:47:32.000Z","dependencies_parsed_at":"2025-01-17T06:20:18.637Z","dependency_job_id":"5bd76290-e2e5-4d55-be50-3fef6bf5883a","html_url":"https://github.com/mridang/example-cognito","commit_stats":null,"previous_names":["mridang/example-cognito"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mridang/example-cognito","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mridang%2Fexample-cognito","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mridang%2Fexample-cognito/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mridang%2Fexample-cognito/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mridang%2Fexample-cognito/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mridang","download_url":"https://codeload.github.com/mridang/example-cognito/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mridang%2Fexample-cognito/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32575111,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T06:36:36.687Z","status":"ssl_error","status_checked_at":"2026-05-03T06:36:09.306Z","response_time":103,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cognito","cloudformation","demo","example","nestjs","serverless"],"created_at":"2024-12-10T15:07:56.561Z","updated_at":"2026-05-03T15:34:41.032Z","avatar_url":"https://github.com/mridang.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"This is an example project to toy around with AWS Cognito.\n\nCognito just feels like a tier 2 offering and has rather cryptic documentation.\nWhile it has been around for a few years, it is still as clunky to set up\nas ever.\n\n##### Caveats\n\n**You can't change required attributes after you create a user pool.**\nThis means that if you've decided that every user must fill in their \"gender\",\nyou would need to recreate the entire user pool.\nTo circumvent this limitation, the user pool has enabled all fields but\nmarked them as not-required, barring the first name and last name.\n\nAnother gotcha is that **the MFA setting cannot be changed** at a later stage.\nIf you disable MFA, and later choose to enable it, you would need\nto recreate the entire user pool.\nThe sample implementation makes the MFA setup optional.\nForcing users to sign in with their MFA, happens on the application side.\nThis is done by adding custom claim named `custom:mfa_enabled` to the JWT.\n\n**The hosted UI provides rather limited customizability.**\nThe most notable limitation is lack of localisation.\nA bit of digging around surfaced articles which had various approaches to\nadd localisation, but these had limited or no success.\nIf localisation is a priority, it is best that you rebuild the authentication\ninterface using Amplify's Authentication Components.\n\n**There is no way to import users with their hashed passwords.** You can import\nusers, but they will need to confirm their email, set a new password and then\nenable MFA all over again.\nThis makes migrating to Cognito a rather clumsy approach or an almost\nprohibitive approach.\n\n**A parent domain is required.** If you use auth.example.com as the domain\nfor the Hosted UI, the parent domain must have an `A` record that points\nto something.\nWhile this hasn't been an issue in this same project, it may become an\nissue in larger deployments.\nSee https://stackoverflow.com/q/51249583/304151\n\n**The link-based verifications don't work as expected**. When you use the\nlink-based verification, the email templates don't work as expected.\nAt a first glance it seems simple, but when you inject the `linkParameter`\nvariable in your email template, it often breaks as Cognito does some\nbuggy string replacement.\nI've found examples where folks have attempted to avoid using that parameter\nand instead rely on programmatically constructing the verification link, but\nthose don't seem to work as expected either.\nhttps://dev.classmethod.jp/articles/cognito-user-pool-signup-customize/\n\nTo get around this, the same has switched over to using code-based\nverifications.\nIt is a little clunkier than the link-based verification, but I can imagine\nthat it isn't a major blocker for adopting Cognito.\n\n**There is no simple way to map users to tenants**. In a scenario where\none user may have access to multiple accounts, Cognito is rather unwieldy.\nAn initial look might suggest creating one group per account/tenant, but\nthere is a hard limit of 10,000 groups in Cognito.\nThis limitation mandates that you store the user to tenant/account mapping\nin another system.\n\n**There is no support for Disaster Recovery**. There is no way to back up\na Cognito Userpool.\nIn a worst case scenario, if the user pool were to be deleted, you are\ndead in the water.\nA way of circumventing this is to synchronize all data to a DynamoDB table\nusing Cognito Sync and periodically backing up that table.\nIn the event of a disaster, you will need to recreate the pool and import\nall users again.\nWhile this seems clunky, this should provide ample resilience, however,\nusers will need to set new passwords and enable MFA all over again.\n\n**There is no support for password expiration policies** and there are\nno workarounds either.\n\n### Demo\n\nTo play around with Cognito, visit https://example-cognito.agarwal.la/ and\nsign up.\n\nThe interface is rather awful, but it allows you to log in.\n\n#### Domains.\n\nThere's a big gotcha with the domains. If you use auth.example.com then,\nexample.com must have an A record pointing to something.\n\nhttps://stackoverflow.com/q/51249583/304151\n\n#### Usernames\n\nThe usernames were case-sensitive and they have been made case-insensitive.\n\n#### MFA\n\nIn order to configure MFA, there is a lambda that checks is the user has a\nspecific email address and then enables MFA.\n\nThis approach allows us to conditionally deduce who should have MFA.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmridang%2Fexample-cognito","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmridang%2Fexample-cognito","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmridang%2Fexample-cognito/lists"}