AWS Cognito package provides a simple way to use AWS Cognito authentication in Laravel 7.x for Web and API Auth Drivers.

Features

• Registration and Confirmation E-Mail
• Forced password change at first login (configurable)
• Login
• Remember Me Cookie
• Single Sign-On
• Forgot Password (Resend - configurable)
• User Deletion
• Edit User Attributes
• Reset User Password
• Confirm Sign Up
• Easy API Token handling (uses the cache driver)
• DynamoDB support for Web Sessions and API Tokens (useful for server redundancy OR multiple containers)
• Easy configuration of Token Expiry (Manage using the Cognito console, no code or configurations needed)
• Support for App Client without Secret (NEW Feature)

Installation

You can install the package via composer.

composer require ellaisys/aws-cognito

Cognito User Pool

In order to use AWS Cognito as an authentication provider, you require a Cognito User Pool.

If you haven’t created one, go to your Amazon management console and create a new user pool.

Next, generate an App Client. This will give you the App client id and the App client secret you need for your .env file.

IMPORTANT: Don’t forget to activate the checkbox to Enable sign-in API for server-based Authentication. The Auth Flow is called: ADMIN_USER_PASSWORD_AUTH (formerly ADMIN_NO_SRP_AUTH)

AWS IAM configuration
You also need a new IAM Role with the following Access Rights:

• AmazonCognitoDeveloperAuthenticatedIdentities
• AmazonCognitoPowerUser
• AmazonESCognitoAccess

From this IAM User, you must use the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the laravel environment file.

Cognito API configuration

Add the following fields to your .env file and set the values according to your AWS settings:

    # AWS configurations for cloud storage
    AWS_ACCESS_KEY_ID="Axxxxxxxxxxxxxxxxxxxxxxxx6"
    AWS_SECRET_ACCESS_KEY="mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+"

    # AWS Cognito configurations
    AWS_COGNITO_CLIENT_ID="6xxxxxxxxxxxxxxxxxxxxxxxxr"
    AWS_COGNITO_CLIENT_SECRET="1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1"
    AWS_COGNITO_USER_POOL_ID="xxxxxxxxxxxxxxxxx"
    AWS_COGNITO_REGION="xxxxxxxxxxx" //optional - default value is 'us-east-1'
    AWS_COGNITO_VERSION="latest" //optional - default value is 'latest'

Usage

Our package is providing you 6 traits you can just add to your Auth Controllers to get our package running.

Ellaisys\Cognito\Auth\AuthenticatesUsers
Ellaisys\Cognito\Auth\RegistersUsers
Ellaisys\Cognito\Auth\ResetsPasswords
Ellaisys\Cognito\Auth\RespondsMFAChallenge
Ellaisys\Cognito\Auth\SendsPasswordResetEmails
Ellaisys\Cognito\Auth\VerifiesEmails

In the simplest way you just go through your Auth Controllers and change namespaces from the traits which are currently implemented from Laravel.

You can change the structure to suit your needs. Please be aware of the @extend statement in the blade file to fit into your project structure. At the current state, you need to have those 4 form fields defined here. Those are token, email, password, and password_confirmation.


Here's the basic introduction, For more details, you can visit [Github](https://github.com/ellaisys/aws-cognito)