AWS Cognito as Django authentication back-end for web site

Lars Ericson · May 29, 2017 · Viewed 13.1k times

My reading of Cognito is that it can be used in place of a local Django admin database to authenticate users of a website. However I am not finding any soup-to-nuts examples of a basic "Hello, World" app with a login screen that goes through Cognito. I would very much appreciate it if someone could post an article that shows, step-by-step, how to create a Hello World Django app and a Cognito user pool, and then how to replace the default authentication in Django with a call to AWS Cognito.

In particular I need to know how to gather the information from the Cognito admin site that is needed to set up a call to Cognito API to authenticate a user.

There are two cases to consider: App user login to App, and Admin login to the Django Admin URL of the site. I assume that I would want to use Cognito for both cases, otherwise I am leaving a potential hole where the Admin URL is using a weaker login technology.

Current answers on AWS forums and StackExchange either say:

(1) It is a waste of time to use Cognito for authenticating a website, it is only for access to AWS resources

(2) It is not a waste of time. I am about to give up. I have gone as far as creating a sample Cognito user pool and user groups, and of scouring the web for proper examples of this use case. (None found, or I wouldn't be writing.)

(3) https://github.com/capless/warrant and https://github.com/metametricsinc/django-warrant are two possible solutions from the AWS forums.

Answer

Gal Silberman · Feb 22, 2018

If you are reading this, you probably googled "aws cognito django" xD.

I just want to share what I did in order to get this thing to work:

  • Django-Warrant. Great AWS Cognito wrapper package.
  • Make sure to understand your current User model structure. If you use a custom user model, don't forget to map it using the COGNITO_ATTR_MAPPING setting.
  • Change your authentication to support third-party connectivity. When you get some Cognito token from the client, convert it into your own token using OAuth/JWT/Session.
  • Rethink your login/register process. Do you want different registration? The django-warrant package supports it...

At the end of the day, this is a GREAT solution for fast authentication.
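The step "when you get some Cognito token from the client, convert it into your own token" is where a Django site is most exposed: a token that is accepted without checking who issued it, which app client it was issued to, and whether it is actually an ID token lets a Django session be created from a token minted elsewhere. The script below is an added example, not code from the question, the answer or django-warrant. It shows the claims checks AWS documents for Cognito tokens (issuer is this user pool, `token_use` is `id`, `aud` is this app client, `exp` is in the future) and then maps the verified claims onto Django `User` fields in the spirit of `COGNITO_ATTR_MAPPING` (the mapping direction, Cognito attribute to Django field, and using `sub` as the username are assumptions). Real Cognito tokens are RS256-signed and verified against the pool's JWKS at `https://cognito-idp.<region>.amazonaws.com/<pool-id>/.well-known/jwks.json`; so that this runs offline with only the standard library, the signature step is swapped for HS256 over a constructed token, and the pool id, client id and secret are placeholders.

```python
"""Validate a Cognito ID token's claims before turning it into a Django login.

Added example; not from the question, the answer or django-warrant. Cognito signs
tokens with RS256 (keys in the pool's JWKS). To stay stdlib-only and offline, the
signature step here is HS256 over a CONSTRUCTED token; the claims checks are the
ones that apply to a real token once its RS256 signature has been verified.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholders; the real values come from the user pool console.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLEPOOL"
APP_CLIENT_ID = "example-app-client-id"
ISSUER = "https://cognito-idp.%s.amazonaws.com/%s" % (REGION, USER_POOL_ID)
DEMO_SECRET = b"constructed-demo-secret-not-for-production"

# Assumed shape of a COGNITO_ATTR_MAPPING: Cognito attribute -> Django User field.
ATTR_MAPPING = {"email": "email", "given_name": "first_name", "family_name": "last_name"}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_demo_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Build an HS256 JWT carrying `claims` (stand-in for a Cognito-issued token)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = "%s.%s" % (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_demo_signature(token: str, secret: bytes = DEMO_SECRET) -> bool:
    """HS256 check for the demo token. A real verifier selects the RSA key by the
    header's `kid` from the pool's JWKS and checks RS256 instead."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # never let the token choose the algorithm ("none", key confusion)
    expected = hmac.new(secret, ("%s.%s" % (header_b64, payload_b64)).encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def validate_cognito_id_token(token: str, verify_signature=verify_demo_signature,
                              now=None) -> dict:
    """Return the claims of an acceptable ID token, otherwise raise ValueError.

    An access token carries token_use "access" and `client_id` rather than `aud`,
    so it is rejected here: only the ID token describes the user to log in.
    """
    if not verify_signature(token):
        raise ValueError("signature check failed")
    claims = json.loads(_b64url_decode(token.split(".")[1]))
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer is not our user pool")
    if claims.get("token_use") != "id":
        raise ValueError("not an ID token")
    if claims.get("aud") != APP_CLIENT_ID:
        raise ValueError("audience is not our app client")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired or has no exp")
    return claims


def django_user_fields(claims: dict, mapping: dict = ATTR_MAPPING) -> dict:
    """Translate verified claims into the fields a Django User row would receive."""
    fields = {"username": claims["sub"]}  # assumption: `sub` is stable, email may change
    for cognito_attr, django_field in mapping.items():
        if cognito_attr in claims:
            fields[django_field] = claims[cognito_attr]
    return fields


def is_rejected(claims: dict, now=None, secret: bytes = DEMO_SECRET) -> bool:
    """True when a token carrying `claims` (signed with `secret`) is refused."""
    try:
        validate_cognito_id_token(make_demo_token(claims, secret), now=now)
    except ValueError:
        return True
    return False


def demo(now=None) -> dict:
    """Mint a constructed token, validate it, and map it to Django fields."""
    now = time.time() if now is None else now
    claims = {"iss": ISSUER, "aud": APP_CLIENT_ID, "token_use": "id",
              "sub": "11111111-2222-3333-4444-555555555555", "exp": int(now) + 3600,
              "email": "alice@example.com", "given_name": "Alice", "family_name": "Example"}
    return django_user_fields(validate_cognito_id_token(make_demo_token(claims), now=now))


if __name__ == "__main__":
    print(demo())
```

In a Django view, `validate_cognito_id_token` would run before `django.contrib.auth.login()`, and the returned fields would drive `get_or_create` on the user model; anything that raises here should end in a 401, not a fallback to the local password backend. The `aud`/`token_use` checks are what stop an access token, or an ID token from a different app client in the same pool, from being accepted as a login.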