Skip to content

Instantly share code, notes, and snippets.

@kidsil
Last active June 17, 2023 16:21
Show Gist options
  • Save kidsil/cb0112e912960f517d88c586e333bdc3 to your computer and use it in GitHub Desktop.
Save kidsil/cb0112e912960f517d88c586e333bdc3 to your computer and use it in GitHub Desktop.
Get AWS Cognito Token ID (JWT) with JavaScript (NodeJS)
const AWS = require('aws-sdk');
const CognitoSDK = require('amazon-cognito-identity-js-node');
AWS.CognitoIdentityServiceProvider.AuthenticationDetails = CognitoSDK.AuthenticationDetails;
AWS.CognitoIdentityServiceProvider.CognitoUserPool = CognitoSDK.CognitoUserPool;
AWS.CognitoIdentityServiceProvider.CognitoUser = CognitoSDK.CognitoUser;
const Username = 'testuser';
const TempPassword = 'TemporaryPassword2!';
const NewPassword = 'NewPassword@#@!19';
const Email = '[email protected]';
const config = { region: 'us-east-1' };
const UserPoolId = 'USER_POOL_ID_HERE';
const ClientId = 'APP_CLIENT_ID_HERE'; // Your App client id (add via Console->Cognito User Pool)
const cognitoIdentityServiceProvider =
new AWS.CognitoIdentityServiceProvider(config);
const saveOrUpdateUser = (profile) => {
//User Pool
const poolData = {
UserPoolId : UserPoolId,
ClientId : ClientId // Your App client id here
};
const userPool = new AWS.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
//User
const userParams = {
Pool: userPool,
Username: Username,
};
var cognitoUser = new AWS.CognitoIdentityServiceProvider.CognitoUser(userParams);
//Authentication
const authenticationData = {
Username: Username,
Password: NewPassword, //1st time use TempPassword
}
const authenticationDetails = new AWS.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
var responseFunctions = {
onSuccess: (result) => {
console.log('IT WORKED!');
console.log(result);
},
onFailure: (err) => {
console.log('no go :(');
console.log(err);
}
};
//newPasswordRequired has to be added separately because it sends responseFunctions to completeNewPasswordChallenge
responseFunctions.newPasswordRequired = (userAttributes, requiredAttributes) => {
delete userAttributes.email_verified;
cognitoUser.completeNewPasswordChallenge(NewPassword, {email: Email}, responseFunctions)
};
cognitoUser.authenticateUser(authenticationDetails, responseFunctions);
};
saveOrUpdateUser();
{
"name": "test-app",
"description": "test app",
"version": "0.0.1",
"engines": {
"node": ">=6.3.1"
},
"devDependencies": {
"amazon-cognito-identity-js-node": "0.0.3",
"aws-sdk": "^2.5.3"
}
}
events:
- http:
path: restricted
method: get
cors: true
integration: lambda
authorizer:
arn: arn:aws:cognito-idp:AWS_REGION:AWS_ACCOUNT_ID:userpool/AWS_USERPOOL_ID
resultTtlInSeconds: 0
claims:
- email
identitySource: method.request.header.Authorization
identityValidationExpression: .*
@mikhael28
Copy link

This gist is great - thank you! For anyone who is trying to run this as a script locally, for programmatic access to an access token for database testing, etc - add the following line somewhere near the top of your index.js (assuming you aren't running it as a lambda function):

global.navigator = () => null;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment