Skip to content

140 cognito#168

Open
chnnick wants to merge 39 commits into
mainfrom
140-Cognito
Open

140 cognito#168
chnnick wants to merge 39 commits into
mainfrom
140-Cognito

Conversation

@chnnick

@chnnick chnnick commented May 25, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

ℹ️ Issue

Closes #140

📝 Description

Created an easily-importable NestJS guard that can be used by future projects to implement Cognito Authentication into their application. Amplify on the frontend authenticates users, providing registered users with a JWT access token that can be used to access authorized routes.

Briefly list the changes made to the code:

  1. NestJS guard that checks and verifies the Bearer token in the authorization header via AWS Cognito to determine access onto specific routes, puts the verified token payload under a user field of the request that can be read by other methods.
  2. CognitoService getUser() method that exposes the verified JWT payload attached to the request by the guard
  3. Cognito module that imported into App Module for authentication across entire application
  4. @public decorator that allows one to bypass authentication by putting metadata read by the guard
  5. Interface for an expected JWT payload used by the guard and service
  6. Cognito config that allows for a centralized place to extract env variables for Cognito
  7. Tests for the cognito service and cognito guard
  8. Implemented Amplify on the frontend to show an auth screen and configure auth for the application if frontend cognito env variables are set, if anyfrontend cognito env values are not set, there is no auth screen
  9. Cognito .env variables in example.env that is used by both the backend (Cognito) and frontend (Amplify)
  10. README.md in backend/aws/cognito for new devs/TLs that provides documentation for how the authentication flow works: Authentication in frontend -> Authorization in the backend, as well as how to expand in the future.

✔️ Verification

Backend TESTS:
Screenshot 2026-06-11 at 6 47 08 PM
Screenshot 2026-06-11 at 6 47 34 PM

Frontend TESTS:
No Auth:
Screenshot 2026-05-24 at 1 19 14 PM
With Auth:
Screenshot 2026-05-24 at 1 19 40 PM

🏕️ (Optional) Future Work / Notes

  • No styling on auth page, can import the @aws-amplify/ui-react/styles.css library on main.tsx to use their premade styling?

NEW: I think that a workshop on Authentication / Authorization would be helpful for future devs, would 100% be up to helping with that! I spent wayyy too much time figuring out the difference between the two and their uses in larger apps like which scaffolding will fork off of.

chnnick added 11 commits May 15, 2026 15:15
@chnnick
wrap app in authenticator if cognito information is set in env file, …
918f560 
…added required env keys to example.env, configured amplify in separate auth file only if both environment variables exist/are set.
@chnnick
correctly importing env variables, type guards for each value so conf…
94a3b9e 
…igure runs correctly with cognito values as strings.
@chnnick
new cognito env variables, JWTPayload type
dd53297
@chnnick
cognito config + updated types to allow for both id and access tokens
c222613
@chnnick
cognito guard, module, and decorators, added to appmodule
e61d789
@chnnick
tests for guard and service
765e65c
@chnnick
documentation
118ed9b
@chnnick
move auth into the correct folder
b3d9471
@chnnick
warnings for dual usage of Cognito
557f6f9
@chnnick
widen aud type to allow for serialization of the aud claim as either …
1e94607 
…array of strings or a single string.
@chnnick
updated documentation
f2b0716
@chnnick chnnick requested a review from maxn990 as a code owner May 25, 2026 00:37
chnnick added 5 commits May 24, 2026 17:44
@chnnick
tests clarification for denying partial configurations: Auth is activ…
81729d4 
…e (COGNITO_USER_POOL_ID is set), but missing env variables for client_id and cognito_region both should not allow requests to go through
@chnnick
Merge branch 'main' of https://github.com/Code-4-Community/scaffolding
fd9f237 
…into 140-Cognito
@chnnick
Merge branch 'main' of https://github.com/Code-4-Community/scaffolding
e4e878a 
…into 140-Cognito

Note: added necessary packages for aws-amplify. Did not push merged changes that existed inside .nx
@chnnick
Merge branch 'main' of https://github.com/Code-4-Community/scaffolding
57c2553 
…into 140-Cognito
@chnnick
Merge branch '140-Cognito' of https://github.com/Code-4-Community/sca…
f78c0e7 
…ffolding into 140-Cognito.
dburkhart07
dburkhart07 requested changes May 28, 2026
View reviewed changes

@dburkhart07 dburkhart07 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing! Very educational for me to read through as well!

Comment thread apps/backend/src/aws/cognito/cognito.module.ts
Comment thread apps/backend/src/aws/cognito/cognito.config.ts Outdated
Comment thread apps/backend/src/aws/cognito/cognito.module.ts Outdated
Comment thread apps/backend/src/aws/cognito/cognito.service.spec.ts Outdated
Comment thread apps/backend/src/aws/cognito/cognito.guard.ts Outdated
Comment thread apps/backend/src/aws/cognito/cognito.guard.ts Outdated
Comment thread apps/backend/src/aws/cognito/README.md Outdated
Comment thread apps/frontend/src/auth/auth.config.ts
Comment thread apps/frontend/src/auth/auth.config.ts Outdated
Comment thread example.env Outdated
chnnick added 12 commits May 29, 2026 16:58
@chnnick
Cognito Module as a global import, export CognitoJWTGuard in module f…
65d940c 
…or greater accessiblity
@chnnick
require all three Cognito env variables to enable authentication
fc6d8ec
@chnnick
wrapped getUser tests into describe(), use Request type alias instead…
4f3d4f1 
… of never type for mock requests
@chnnick
use cached jswk client for jwks, typed the payload that returns from …
ad13e14 
…verifyToken
@chnnick
updated documentation after importing CognitoModule into AppModule by…
167141a 
… default
@chnnick
updated documentation to match new auth disable requirements (missing…
378435b 
… any env variables)
@chnnick
updated tests for missing env variables -> auth disabled
35a5127
@chnnick
try to just use cognitoinformationpresent
2b96133
@chnnick
type vite cognito env vars before passing into amplify.configure
cd44f7a
@chnnick
Merge branch '140-Cognito' of https://github.com/Code-4-Community/sca…
0253089 
…ffolding into 140-Cognito
@chnnick
get rid of VITE specific cognito variables in .env instead have them …
146b271 
…autogenerated in vite.config, also set the project root to allow frontend access to root /.env file.
@chnnick
Merge branch 'main' of https://github.com/Code-4-Community/scaffolding
b579463 
…into 140-Cognito
@chnnick

chnnick commented Jun 10, 2026

Copy link
Copy Markdown
Contributor Author

Fell down an authentication/authorization rabbit hole atm will update with new changes soon for a better approach for an authentication-only module that still allows authorization (RBAC) later down the line

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dburkhart07 dburkhart07 dburkhart07 requested changes

@maxn990 maxn990 Awaiting requested review from maxn990 maxn990 is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cognito Module

2 participants

@chnnick @dburkhart07