PHPackages bluefyn-international/aws-cognito - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. bluefyn-international/aws-cognito ActiveLibrary[Authentication & Authorization](/categories/authentication) bluefyn-international/aws-cognito ================================= AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP v0.9.7(4y ago)19.1k[1 PRs](https://github.com/bluefyn-international/aws-cognito/pulls)MITPHPPHP ^7.4|^8.0 Since Oct 2Pushed 4y agoCompare [ Source](https://github.com/bluefyn-international/aws-cognito)[ Packagist](https://packagist.org/packages/bluefyn-international/aws-cognito)[ Docs](https://github.com/bluefyn-international/aws-cognito)[ RSS](/packages/bluefyn-international-aws-cognito/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (5)Dependencies (4)Versions (24)Used By (0) Laravel Package to manage Web and API authentication with AWS Cognito ===================================================================== [](#laravel-package-to-manage-web-and-api-authentication-with-aws-cognito) AWS Cognito package using the AWS SDK for PHP This package is a fork of ellaisys/aws-cognito but has undergone major changes and is targeted towards newer version of both PHP and Laravel. [![Latest Version on Packagist](https://camo.githubusercontent.com/7f2093d31f36dd03e4925addcba0dcc63e0991ff4154029fd5f9adbf9704c8a8/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f626c756566796e2d696e7465726e6174696f6e616c2f6177732d636f676e69746f3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/7f2093d31f36dd03e4925addcba0dcc63e0991ff4154029fd5f9adbf9704c8a8/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f626c756566796e2d696e7465726e6174696f6e616c2f6177732d636f676e69746f3f7374796c653d666c61742d737175617265)[![Release Date](https://camo.githubusercontent.com/7ba034309751112d7a2cbc459dbff1371dd793b246133915f588666c6c8aba6f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f72656c656173652d646174652f626c756566796e2d696e7465726e6174696f6e616c2f6177732d636f676e69746f3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/7ba034309751112d7a2cbc459dbff1371dd793b246133915f588666c6c8aba6f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f72656c656173652d646174652f626c756566796e2d696e7465726e6174696f6e616c2f6177732d636f676e69746f3f7374796c653d666c61742d737175617265)[![Total Downloads](https://camo.githubusercontent.com/d76844d192cd465c3b3e4c2e072f47f4d0baf51552ddd62d1cdf696333091ce6/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f626c756566796e2d696e7465726e6174696f6e616c2f6177732d636f676e69746f3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/d76844d192cd465c3b3e4c2e072f47f4d0baf51552ddd62d1cdf696333091ce6/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f626c756566796e2d696e7465726e6174696f6e616c2f6177732d636f676e69746f3f7374796c653d666c61742d737175617265)[![APM](https://camo.githubusercontent.com/3c782b956a2eb86db68e5e638d909e56fe7ee88b612384ce975f6ea331c07f84/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f626c756566796e2d696e7465726e6174696f6e616c2f6177732d636f676e69746f3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/3c782b956a2eb86db68e5e638d909e56fe7ee88b612384ce975f6ea331c07f84/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f626c756566796e2d696e7465726e6174696f6e616c2f6177732d636f676e69746f3f7374796c653d666c61742d737175617265) This package provides a simple way to use AWS Cognito authentication in Laravel 8.x for Web and API Auth Drivers. The idea of this package, and some of the code, is based on the package from Pod-Point which you can find here: [Pod-Point/laravel-cognito-auth](https://github.com/Pod-Point/laravel-cognito-auth), [black-bits/laravel-cognito-auth](https://github.com/black-bits/laravel-cognito-auth) and [tymondesigns/jwt-auth](https://github.com/tymondesigns/jwt-auth). We decided to use it and contribute it to the community as a package, that encourages standardised use and a RAD tool for authentication using AWS Cognito. The following features are in the package: - Registration and Confirmation E-Mail - Forced password change at first login - Login - Remember Me Cookie - Single Sign On - Forgot Password - User Deletion - Edit User Attributes - Reset User Password - Confirm Sign Up - Easy API Token handling (uses the cache driver) ### Disclaimer [](#disclaimer) *While this package is used in production it is not a GA (1.x) level release. Updates/changes will be coming which may cause issues. Additionally, not all features/options are fully implemented. You are invited to open Issues and PRs about the defects or new feature enhancements. However, this being a free support, we would not be able to commit to support SLAs or timelines.* Installation ------------ [](#installation) ### Compatability [](#compatability) PHP VersionSupport7.4Yes8.0Untested8.1UntestedLaravel VersionSupport7.xUntested8.xYes### Composer [](#composer) You can install the package via composer. ``` composer require bluefyn-international/aws-cognito ``` ### Publishing Assets [](#publishing-assets) You can publish the config and the view. ``` php artisan vendor:publish --provider="BluefynInternational\Cognito\Providers\AwsCognitoServiceProvider" ``` Last but not least you want to change the auth driver. To do so got to your config\\auth.php file and change it to look the following: ``` 'guards' => [ 'web' => [ 'driver' => 'cognito-session', // This line is important for using AWS Cognito as Web Driver 'provider' => 'users', ], 'api' => [ 'driver' => 'cognito-token', // This line is important for using AWS Cognito as API Driver 'provider' => 'users', ], ], ``` Cognito User Pool ----------------- [](#cognito-user-pool) In order to use AWS Cognito as authentication provider, you require a Cognito User Pool. If you haven't created one already, go to your [Amazon management console](https://console.aws.amazon.com/cognito/home) and create a new user pool. Next, generate an App Client. This will give you the App client id and the App client secret you need for your `.env` file. *IMPORTANT: Don't forget to activate the checkbox to Enable sign-in API for server-based Authentication. The Auth Flow is called: ADMIN\_USER\_PASSWORD\_AUTH (formerly ADMIN\_NO\_SRP\_AUTH)* You also need a new IAM Role with the following Access Rights: - AmazonCognitoDeveloperAuthenticatedIdentities - AmazonCognitoPowerUser - AmazonESCognitoAccess From this user you can fetch the AWS\_ACCESS\_KEY\_ID and AWS\_SECRET\_ACCESS\_KEY. ### Cognito API configuration [](#cognito-api-configuration) Add the following fields to your `.env` file and set the values according to your AWS settings: ``` # AWS configurations for cloud storage AWS_ACCESS_KEY_ID="Axxxxxxxxxxxxxxxxxxxxxxxx6" AWS_SECRET_ACCESS_KEY="mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+" # AWS Cognito configurations AWS_COGNITO_CLIENT_ID="6xxxxxxxxxxxxxxxxxxxxxxxxr" AWS_COGNITO_CLIENT_SECRET="1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1" AWS_COGNITO_USER_POOL_ID="xxxxxxxxxxxxxxxxx" AWS_COGNITO_REGION="xxxxxxxxxxx" //optional - default value is 'us-east-1' AWS_COGNITO_VERSION="latest" //optional - default value is 'latest' ``` For more details on how to find AWS\_COGNITO\_CLIENT\_ID, AWS\_COGNITO\_CLIENT\_SECRET and AWS\_COGNITO\_USER\_POOL\_ID for your application, please refer [COGNITOCONFIG File](COGNITOCONFIG.md) ### Importing existing users into the Cognito Pool [](#importing-existing-users-into-the-cognito-pool) If you are already working on an existing project and want to integrate Cognito you have to [import a user csv file to your Cognito Pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html). Usage ----- [](#usage) Our package is providing you 5 traits you can just add to your Auth Controllers to get our package running. - BluefynInternational\\Cognito\\Auth\\AuthenticatesUsers - BluefynInternational\\Cognito\\Auth\\RegistersUsers - BluefynInternational\\Cognito\\Auth\\ResetsPasswords - BluefynInternational\\Cognito\\Auth\\SendsPasswordResetEmails - BluefynInternational\\Cognito\\Auth\\VerifiesEmails In the simplest way you just go through your Auth Controllers and change namespaces from the traits which are currently implemented from Laravel. You can change structure to suit your needs. Please be aware of the @extend statement in the blade file to fit into your project structure. At the current state you need to have those 4 form fields defined in here. Those are `token`, `email`, `password`, `password_confirmation`. Single Sign-On -------------- [](#single-sign-on) With our package and AWS Cognito we provide you a simple way to use Single Sign-Ons. For configuration options take a look at the config [cognito.php](/config/cognito.php). When you want SSO enabled and a user tries to login into your application, the package checks if the user exists in your AWS Cognito pool. If the user exists, he will be created automatically in your database provided the `add_missing_local_user_sso` is to `true`, and is logged in simultaneously. That's what we use the fields `sso_user_model` and `cognito_user_fields` for. In `sso_user_model` you define the class of your user model. In most cases this will simply be *App\\User*. With `cognito_user_fields` you can define the fields which should be stored in Cognito. Put attention here. If you define a field which you do not send with the Register Request this will throw you an InvalidUserFieldException and you won't be able to register. Now that you have registered your users with their attributes in the AWS Cognito pool and your database and you want to attach a second app which should use the same pool. Well, that's actually pretty easy. You can use the API provisions that allows multiple projects to consume the same AWS Cognito pool. \*IMPORTANT: if your users table has a password field you are not going to need this anymore. What you want to do is set this field to be nullable, so that users can be created without passwords. From now on, Passwords are stored in Cognito. Any additional registration data you have, for example `firstname`, `lastname` needs to be added in [cognito.php](/config/cognito.php) cognito\_user\_fields config to be pushed to Cognito. Otherwise they are only stored locally and are not available if you want to use Single Sign On's.\* Middleware configuration for API Routes --------------------------------------- [](#middleware-configuration-for-api-routes) In case you are using this library as API driver, you can register the middleware into the kernal.php in the $routeMiddleware ``` protected $routeMiddleware = [ ... 'aws-cognito' => \BluefynInternational\Cognito\Http\Middleware\AwsCognitoAuthenticate::class ] ``` To use the middleware into the **Web routes**, you can use the std auth middleware as shown below ``` Route::middleware('auth')->get('user', 'NameOfTheController@functionName'); ``` To use the middleware into the **API routes**, as shown below ``` Route::middleware('aws-cognito')->get('user', 'NameOfTheController@functionName'); ``` Registering Users ----------------- [](#registering-users) As a default, if you are registering a new user with Cognito, Cognito will send you an email during signUp that includes the username and temporary password for the users to verify themselves. Using this library in conjunction with **AWS Lambda**, once can look to customize the email template and content. The email template can be text or html based. The Lambda code for not included in this code repository. You can create your own. Any object (array) that you pass to the registration method is transferred as is to the lambda function, we are not prescriptive about the attribute names. We have made is very easy for anyone to use the default behaviour. 1. You don't need to create an extra field to store the verification token. 2. You don't have to bother about the Sessions or API tokens, they are managed for you. The session or token is managed via the standard mechanism of Laravel. You have the liberty to keep it where ever you want, no security loop holes. 3. If you use the trait provided by us 'BluefynInternational\\Cognito\\Auth\\RegistersUsers', the code will be limited to just a few lines 4. if you are using the Laravel scafolding, then make the password nullable in DB or drop it from schema. Passwords will be only managed by AWS Cognito. ``` use BluefynInternational\Cognito\Auth\RegistersUsers; class UserController extends BaseController { use RegistersUsers; public function register(Request $request) { $validator = $request->validate([ 'name' => 'required|max:255', 'email' => 'required|email|max:64|unique:users', 'password' => 'sometimes|confirmed|min:6|max:64', ]); //Create credentials object $collection = collect($request->all()); $data = $collection->only('name', 'email', 'password'); //passing 'password' is optional. //Register User in cognito if ($cognitoRegistered=$this->createCognitoUser($data)) { //If successful, create the user in local db User::create($collection->only('name', 'email')); } //End if //Redirect to view return view('login'); } } ``` 5. You don't need to turn off Cognito to send you emails. We rather propose the use of AWS Cognito or AWS SMS mailers, such that use credentials are always secure. User Authentication ------------------- [](#user-authentication) We have provided you with a useful trait that make the authentication very simple (with Web or API routes). You don't have to worry about any additional code to manage sessions and token (for API). The trait takes in some additional parameters, refer below the function signature of the trait. Note that the function takes the object of **Illuminate\\Support\\Collection** instead of **Illuminate\\Http\\Request**. This will allow you to use this function in any tier of the code. Also, the 'guard' name reference is passed, so that you can reuse the function for multiple guard drivers in your project. The function has the capability to handle the Session and Token Guards with multiple drivers and providers as defined in /config/auth.php ``` namespace BluefynInternational\Cognito\Auth; protected function attemptLogin ( Collection $request, string $guard='web', string $paramUsername='email', string $paramPassword='password', bool $isJsonResponse=false ) { ... ... ... } ``` In case you want to use this trait for Web login, you can write the code as shown below in the AuthController.php ``` namespace App\Http\Controllers; ... use BluefynInternational\Cognito\AwsCognitoClaim; use BluefynInternational\Cognito\Auth\AuthenticatesUsers as CognitoAuthenticatesUsers; class AuthController extends Controller { use CognitoAuthenticatesUsers; /** * Authenticate User * * @throws \HttpException * * @return mixed */ public function login(\Illuminate\Http\Request $request) { ... //Convert request to collection $collection = collect($request->all()); //Authenticate with Cognito Package Trait (with 'web' as the auth guard) if ($response = $this->attemptLogin($collection, 'web')) { if ($response===true) { return redirect(route('home'))->with('success', true); } else if ($response===false) { // If the login attempt was unsuccessful you may increment the number of attempts // to login and redirect the user back to the login form. Of course, when this // user surpasses their maximum number of attempts they will get locked out. // //$this->incrementLoginAttempts($request); // //$this->sendFailedLoginResponse($collection, null); } else { return $response; } //End if } //End if } //Function ends ... } //Class ends ``` In case you want to use this trait for API based login, you can write the code as shown below in the AuthApiController.php ``` namespace App\Api\Controller; ... use BluefynInternational\Cognito\AwsCognitoClaim; use BluefynInternational\Cognito\Auth\AuthenticatesUsers as CognitoAuthenticatesUsers; class AuthApiController extends Controller { use CognitoAuthenticatesUsers; /** * Authenticate User * * @throws \HttpException * * @return mixed */ public function login(\Illuminate\Http\Request $request) { ... //Convert request to collection $collection = collect($request->all()); //Authenticate with Cognito Package Trait (with 'api' as the auth guard) if ($claim = $this->attemptLogin($collection, 'api', 'username', 'password', true)) { if ($claim instanceof AwsCognitoClaim) { return $claim->getData(); } else { return response()->json(['status' => 'error', 'message' => $claim], 400); } //End if } //End if } //Function ends ... } //Class ends ``` Delete User ----------- [](#delete-user) If you want to give your users the ability to delete themselves from your app you can use our deleteUser function from the CognitoClient. To delete the user you should call deleteUser and pass the email of the user as a parameter to it. After the user has been deleted in your cognito pool, delete your user from your database too. ``` $cognitoClient->deleteUser($user->email); $user->delete(); ``` We have implemented a new config option `delete_user`, which you can access through `AWS_COGNITO_DELETE_USER` env var. If you set this config to true, the user is deleted in the Cognito pool. If it is set to false, it will stay registered. Per default this option is set to false. If you want this behaviour you should set USE\_SSO to true to let the user restore themselves after a successful login. To access our CognitoClient you can simply pass it as a parameter to your Controller Action where you want to perform the deletion. ``` public function deleteUser(Request $request, AwsCognitoClient $client) ``` Laravel will take care of the dependency injection by itself. ``` IMPORTANT: You want to secure this action by maybe security questions, a second delete password or by confirming the email address. ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Security -------- [](#security) If you discover any security related issues, please add it to the issue tracker. Credits ------- [](#credits) - [Bluefyn-Internationl](https://github.com/bluefyn-international) - [EllaiSys Team](https://github.com/ellaisys) (Original creators) - [Amit Dhongde](https://github.com/amitdhongde) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 31 — LowBetter than 68% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity23 Limited adoption so far Community6 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~13 days Recently: every ~5 days Total 21 Last Release 1776d ago PHP version history (4 changes)v0.1.0PHP ^7.2.5 v0.1.3PHP ^7.0 v0.9.0PHP ^7.4 v0.9.6PHP ^7.4|^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/c6c214c0f24a71113216d206928568a7d06e944cdb2cf6920ce2f502064dd903?d=identicon)[qschmick](/maintainers/qschmick) --- Top Contributors [![qschmick](https://avatars.githubusercontent.com/u/5342767?v=4)](https://github.com/qschmick "qschmick (3 commits)") --- Tags aws-cognitocognitohacktoberfestlaravelphplaravelawsauthAuthenticationoauthCognitouser pool ### Code Quality TestsPHPUnit Code StylePHP CS Fixer ### Embed Badge ![Health badge](/badges/bluefyn-international-aws-cognito/health.svg) ``` [![Health](https://phpackages.com/badges/bluefyn-international-aws-cognito/health.svg)](https://phpackages.com/packages/bluefyn-international-aws-cognito) ``` ### Alternatives [ellaisys/aws-cognito AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP 120220.7k1](/packages/ellaisys-aws-cognito)[auth0/login Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints. 2745.0M3](/packages/auth0-login)[pmill/aws-cognito A PHP client for AWS Cognito user pools 74266.0k3](/packages/pmill-aws-cognito)[pallant/laravel-aws-cognito-auth An authentication driver for Laravel for authenticating users in AWS Cognito User Pools 777.7k](/packages/pallant-laravel-aws-cognito-auth)[kinde-oss/kinde-auth-php Kinde PHP SDK for authentication 2369.5k3](/packages/kinde-oss-kinde-auth-php)[benbjurstrom/cognito-jwt-guard A laravel auth guard for JSON Web Tokens issued by Amazon AWS Cognito 1113.1k](/packages/benbjurstrom-cognito-jwt-guard) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)