I first worked with Amazon Web Services (AWS) Cognito in 2018 while building a financial web app that was deeply tied to the AWS infrastructure. It made use of AWS lambas, AWS Dynamo DB, the API gateway and AWS Cognito to process data from banks and create a rewards platform for businesses. Cognito’s documentation then, as AWS’s documentation tends to be, was quite difficult to work through. I pieced together a usable solution but didn’t foresee Cognito and I meeting again.

Fast-forward a few weeks ago and I needed to evaluate both Cognito and Firebase as an authentication service to use for a powerful insurance web app. While it is almost 4 years since that fateful encounter with Cognito, the nightmares are still fresh, and I still bear the scars. I’d have loved to immediately call it for Firebase but I took a number of key technical factors into consideration and Cognito came out on top. So, we meet again, my old friend foe…

I went in, silently hoping Cognito had changed her ways. The joke was on me. Several days later, I realized Cognito might have only gotten worse (in documentation) over the years 🙂   

In case you’ve had similar challenges, here’s a high-level walk-through of how I went about implementing Cognito for a JS front-end [Vue.js] and a Django backend.

I’ll break this down into a series of articles:

  1. Implementing Cognito on the frontend
  2. Implementing Cognito on the backend and migrating your users (if you had an existing app)

To set the stage, it is quite useful to know [or get a refresher] on JSON web tokens (JWTs). To do that, check out this article

In it, you see that we follow the following steps:

  1. The application or client requests authorization to the authorization server, in this case Cognito. This is performed through one of the different authorization flows.
  2. When the authorization is granted, the authorization server [Cognito] returns an access token to the client application.
  3. The client application uses the access token when making all requests to the backend API

Based on this flow, you’d change your front-end to talk to AWS Cognito, retrieve a JWT and then from that point forward, use that JWT with all your API requests.

So basically, as you look at changing your app to start using Cognito, you need to do two things:

Some extra steps you might consider doing on the frontend:

I called these steps optional because you have the option to use Cognito’s self-hosted UI to do them. It would save you lots of hours of coding time.

In the following articles, I’ll get into how to get into changing your frontend and your backend as well.

Leave a Reply

Your email address will not be published. Required fields are marked *