Authentication with Aws Cognito, Passport and NestJs (Part I)

fstbraz

Fausto Braz

Posted on October 12, 2022

Authentication with Aws Cognito, Passport and NestJs (Part I)

Authentication is one of the most complex parts of developing applications. It's also one of the most important because it's how you know who you're dealing with. When building a platform, authentication is even more crucial—you need to ensure that only people who are supposed to be accessing your service can do so.

There are many different ways to go about it, but today we'll discuss how to use AWS Cognito, Passport, and NestJs to create an authentication system for your app. This is a beginner tutorial, and it should take you a long to better understand authentication with cloud providers.

But first, let's look at this diagram to see how everything will be connected:

Auth flow

Aws Cognito

Aws Cognito is an Amazon service that can provide authentication, authorization, and user management out of the box, and you can learn more about it here

The first step is setting up your AWS account; if you don't have one, you can sign up for one here. Also, you can see the related costs with each service on that page.

After we have our account, we will search for the Cognito service like so:
Searching for cognito

Let's click Create user pool, on step1 let's keep the Cognito user pool checked and choose only the email to sign in:

Step 1

On the configure security requirements, let's disabled MFA because it will add unnecessary complexity to this guide.

Step 2

When configuring the sign-up experience, let's add the name to the required attributes.

Step 3

In the next step for configuring the message delivery, let's send emails with Cognito.

Step 4

On the app integration, we named our poll pokemon-app, and we created a new app client name called node-app, going with the default values for now.
Step 5
Step 5_1

In our last step, let's verify everything is correct and create the user poll.

Next, select the user pool in the table, go for the app integration tab, and create a Cognito domain. (I've used https://pokemon-app.auth.us-east-1.amazoncognito.com)

Creating a Cognito domain

We should save the Cognito Domain and the Client ID value for later usage in the guide.
Client Id

Let's change the content from the verification email to a link:
Verification Email

Now let's grant Cognito access to our user; let's search for IAM, the service to manage access to AWS resources:
Searching for IAM

If you already have a user select the user and click Add permissions go for the Attach existing policies directly separator and search for AmazonEsCognitoAccess:
IAM policy attribution

Select the policy next, and assign it to the user.
Cognito policy

If you don't have a user, you must set up one and add the security policy. (You can set the policy on the second step when creating a new one)

Creating an IAM user

In the next part, we will set up our next js project and integrate it with Cognito. Please stay tuned 😊

💖 💪 🙅 🚩
fstbraz
Fausto Braz

Posted on October 12, 2022

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related