PHPackages benbjurstrom/cognito-jwt-guard - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. benbjurstrom/cognito-jwt-guard ActiveLaravel[Authentication & Authorization](/categories/authentication) benbjurstrom/cognito-jwt-guard ============================== A laravel auth guard for JSON Web Tokens issued by Amazon AWS Cognito v0.2.0(6y ago)1113.1k18[1 issues](https://github.com/benbjurstrom/cognito-jwt-guard/issues)[5 PRs](https://github.com/benbjurstrom/cognito-jwt-guard/pulls)MITPHPPHP >=5.5.0 Since Feb 16Pushed 3y ago3 watchersCompare [ Source](https://github.com/benbjurstrom/cognito-jwt-guard)[ Packagist](https://packagist.org/packages/benbjurstrom/cognito-jwt-guard)[ Docs](https://github.com/benbjurstrom/cognito-jwt-guard)[ RSS](/packages/benbjurstrom-cognito-jwt-guard/feed)WikiDiscussions master Synced 3w ago READMEChangelogDependencies (10)Versions (7)Used By (0) Cognito JWT Guard ================= [](#cognito-jwt-guard) Laravel authorization guard for JSON Web Tokens issued by Amazon AWS Cognito [![Build Status](https://github.com/benbjurstrom/cognito-jwt-guard/workflows/build/badge.svg?branch=master)](https://packagist.org/packages/benbjurstrom/cognito-jwt-guard?branch=master)[![Latest Stable Version](https://camo.githubusercontent.com/c63c90ea4c4d3ff357f7bc36ee6a0c562d4a837fdc10765cab5307f304a4d7c6/68747470733a2f2f706f7365722e707567782e6f72672f62656e626a75727374726f6d2f636f676e69746f2d6a77742d67756172642f762f737461626c65)](https://packagist.org/packages/benbjurstrom/cognito-jwt-guard)[![Coverage Status](https://camo.githubusercontent.com/aa368ece98c3d7cd1f39c009f2d67c9a8d3cfeb226eabba53c66fa31744007bb/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f62656e626a75727374726f6d2f636f676e69746f2d6a77742d67756172642f62616467652e7376673f6272616e63683d6d6173746572)](https://coveralls.io/github/benbjurstrom/cognito-jwt-guard?branch=master)[![License](https://camo.githubusercontent.com/b4f3ac860b85f58494cd4ef2cc459774c73f1aa5b8bca31edcce267aeb864da8/68747470733a2f2f706f7365722e707567782e6f72672f62656e626a75727374726f6d2f636f676e69746f2d6a77742d67756172642f6c6963656e7365)](https://packagist.org/packages/benbjurstrom/cognito-jwt-guard) Overview -------- [](#overview) This package provides a Laravel authentication guard to validate JSON Web Tokens (JWT) issued by the configured AWS Cognitio User Pool. The guard accepts tokens passed through the Authorization header or set as a CognitoIdentityServiceProvider cookie. Once the token has been validated against the pool’s public key the guard will look for a Laravel user with a cognito\_uuid value equal to the username property contained in the token. If a local Laravel user is found the guard will authenticate them for the duration of the request. If one is not found and Single Sign-On is enabled this package will create a new Laravel user. Note that this package does not provide methods for exchanging a username and password for a token. As such it is intended to be used with Laravel API-driven applications where the client would either obtain the token directly from Cognito or through a dedicated application responsible for authentication. Installation ------------ [](#installation) You can install the package using composer ``` composer require benbjurstrom/cognito-jwt-guard ``` Next publish the [migration](https://github.com/benbjurstrom/cognito-jwt-guard/blob/master/database/migrations/add_cognito_uuid_to_users_table.php.stub) and the [config/cognito.php](https://github.com/benbjurstrom/cognito-jwt-guard/blob/master/config/cognito.php) config file with: ``` php artisan vendor:publish --provider="BenBjurstrom\CognitoGuard\CognitoServiceProvider" ``` Next go ahead and run your migrations. This will add the required cognito\_uuid property to your users table ``` php artisan migrate ``` Add your AWS Cognito user pool's identifier and region to the `.env` file ``` AWS_COGNITO_REGION= AWS_COGNITO_USER_POOL_ID= ``` You will also need to change the auth driver in your config/auth.php file ``` // config/auth.php 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'cognito', // This line is important 'provider' => 'users', ], ], ``` Finally, depending on how you configured your Cognito User Pool's required attributes you may also want to make adjustments to your Single Sign-On settings in the published config/cognito.php file ``` // config/cognito.php /* |-------------------------------------------------------------------------- | Single Sign-On Settings |-------------------------------------------------------------------------- | If sso is true the cognito guard will automatically create a new user | record anytime the username attribute contained in a validated JWT | does not already exist in the users table. | | The new user will be created with the user attributes listed here | using the values stored in the given cognito user pool. Each attribute | listed here must be set as a required attribute in your cognito user | pool. | | When sso_repository_class is set this package will pass a new instance | of the the auth provider's user model to the given class's | createCognitoUser method. The users model will be hydrated with the given | sso_user_attributes before it is passed. */ 'sso' => env('SSO', false), 'sso_repository_class' => null, 'sso_user_attributes' => [ 'name', 'email', ] ``` Configuring an sso\_repository\_class is optional but doing so allows you to modify the new user record before it is saved or to dispatch events. An example sso\_repository\_class might look like this: ```