
efadah/laravel-cognito-auth
===========================

An auth provider for Laravel for AWS Cognito.

1.0.0(6y ago)04MITPHPPHP ^7.1CI failing

Since Sep 14Pushed 6y ago1 watchersCompare

[Source](https://github.com/efadah/laravel-cognito-auth) | [Packagist](https://packagist.org/packages/efadah/laravel-cognito-auth)

Laravel Package to easily manage authentication with AWS Cognito
================================================================


This package provides a simple way to use AWS Cognito authentication in Laravel. The idea of this package, and some of the code, is based on the package from Pod-Point which you can find here: [Pod-Point/laravel-cognito-auth](https://github.com/Pod-Point/laravel-cognito-auth). We decided to use it as a basis for our own package as we wanted to customize it in certain ways to fit our needs.

Currently we have the following features implemented in our package:

- Registration and Confirmation E-Mail
- Login
- Remember Me Cookie
- Single Sign On
- Forgot Password
- User Deletion
- Edit User Attributes
- Reset User Password
- Confirm Sign Up

### Disclaimer


*This package is currently in development and is not production ready.*

Installation
------------


You can install the package via composer.

```
composer require efadah/laravel-cognito-auth
```

#### Laravel 5.4 and before


Using a version prior to Laravel 5.5 you need to manually register the service provider.

```
// config/app.php
'providers' => [
    ...
    efadah\LaravelCognitoAuth\CognitoAuthServiceProvider::class,

];
```

Next you can publish the config and the view.

```
php artisan vendor:publish --provider="efadah\LaravelCognitoAuth\CognitoAuthServiceProvider"
```

Last but not least, you want to change the auth driver. To do so, go to your `config/auth.php` file and change it to look like the following:

```
'guards' => [
    'web' => [
        'driver' => 'cognito', // This line is important
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
],

```

Cognito User Pool
-----------------


In order to use AWS Cognito as authentication provider, you require a Cognito User Pool.

If you haven't created one already, go to your [Amazon management console](https://console.aws.amazon.com/cognito/home) and create a new user pool.

Next, generate an App Client. This will give you the App client id and the App client secret you need for your `.env` file.

*IMPORTANT: Don't forget to activate the checkbox to Enable sign-in API for server-based Authentication. The Auth Flow is called: `ADMIN_NO_SRP_AUTH`*

You also need a new IAM Role with the following Access Rights:

- AmazonCognitoDeveloperAuthenticatedIdentities
- AmazonCognitoPowerUser
- AmazonESCognitoAccess

From this user you can fetch the `AWS_COGNITO_KEY` and `AWS_COGNITO_SECRET`.

### Cognito API configuration


Add the following fields to your `.env` file and set the values according to your AWS settings:

```
AWS_COGNITO_KEY=
AWS_COGNITO_SECRET=
AWS_COGNITO_REGION=
AWS_COGNITO_CLIENT_ID=
AWS_COGNITO_CLIENT_SECRET=
AWS_COGNITO_USER_POOL_ID=
AWS_COGNITO_DELETE_USER=

```

### Importing existing users into the Cognito Pool


If you are already working on an existing project and want to integrate Cognito you have to [import a user csv file to your Cognito Pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html).

Usage
-----


Our package provides 4 traits that you can add to your Auth Controllers to get the package running.

- `efadah\LaravelCognitoAuth\Auth\AuthenticatesUsers`
- `efadah\LaravelCognitoAuth\Auth\RegistersUsers`
- `efadah\LaravelCognitoAuth\Auth\ResetsPasswords`
- `efadah\LaravelCognitoAuth\Auth\SendsPasswordResetEmails`

In the simplest case, you go through your Auth Controllers and change the namespaces of the traits that currently come from Laravel.

During the publishing process of our package you created a view which you will find under `Resources/views/vendor/black-bits/laravel-cognito-auth`.

You can change the structure to suit your needs. Please be aware of the `@extends` statement in the blade file, which has to fit your project structure. At the current state you need to have these 4 form fields defined there: `token`, `email`, `password`, `password_confirmation`.

Single Sign-On
--------------


With our package and AWS Cognito we provide you a simple way to use Single Sign-Ons. For configuration options take a look at the config [cognito.php](/config/cognito.php).

To enable single sign-on you can set `USE_SSO` to true in your `.env` file.

```
USE_SSO=true

```

When you have SSO enabled in your config and a user tries to log in to your application, we will check if the user exists in your Cognito pool. If the user exists, they will be created automatically in your database and logged in at the same time.

That's what we use the fields `sso_user_model` and `sso_user_fields` for. In `sso_user_model` you define the class of your user model. In most cases this will simply be `App\User`.

With `sso_user_fields` you can define the fields which should be stored in Cognito. Pay attention here: if you define a field which you do not send with the Register Request, this will throw an `InvalidUserFieldException` and you won't be able to register.

Now suppose you have registered your users with their attributes in the Cognito pool and your database, and you want to attach a second app which should use the same pool. That's actually pretty easy. You set up your project like you are used to and install our laravel-cognito-auth package. On both sites set `use_sso` to true. Be sure you entered exactly the same pool id. Now when a user is registered in your other app but not in your second app and wants to log in, the user gets created. That's all you need to do.

*IMPORTANT: if your users table has a password field, you are not going to need it anymore. What you want to do is set this field to be nullable, so that users can be created without passwords. From now on, passwords are stored in Cognito. Any additional registration data you have, for example `firstname` and `lastname`, needs to be added to the `sso_user_fields` config in [cognito.php](/config/cognito.php) to be pushed to Cognito. Otherwise it is only stored locally and is not available if you want to use Single Sign-On.*

Registering Users
-----------------


By default, if you are registering a new user with Cognito, Cognito will send an email during signUp where the user can verify themselves. If the user now clicks on the link in the email, they will be redirected to a confirmation page which is provided by Cognito. In most cases, this is not what you want. You want the user to stay on your page.

We have found a neat way to get around this default behaviour.

1. You need to create an extra field for the user where you want to store the verification token. This field has to be nullable.
2. Create an Event Listener that listens for Registered Event which is fired after the user has been registered.
3. In this event listener, you generate a token and store that in the field you created above.
4. You create an email and send that token, stored in a link, to the user.
5. The link should point to a controller action where you first check if a user with this token exists. If such a user exists in the database, you make a call to Cognito to set the user attribute `email_verified` to true and confirm the signUp.

    ```
    public function verifyEmail(
        $token,
        CognitoClient $cognitoClient,
        CognitoUserPropertyAccessor $cognitoUserPropertyAccessor
    ) {
        // Unknown tokens end in a 404 before any call to Cognito is made.
        $user = User::whereToken($token)->firstOrFail();

        // Clear the token so the link works only once.
        $user->token = null;
        $user->save();

        $cognitoClient->setUserAttributes($user->email, [
            'email_verified' => 'true',
        ]);

        // Confirm the sign-up in Cognito if it is still pending.
        if ($cognitoUserPropertyAccessor->getUserStatus($user->email) != 'CONFIRMED') {
            $cognitoClient->confirmSignUp($user->email);
            return response()->redirectToRoute('login');
        }

        return response()->redirectToRoute('dashboard');
    }
    ```
6. Now you need to stop Cognito from sending emails. Go into your AWS account and navigate to the Cognito section. Select your user pool and click on `MFA and verifications`. You will see a headline: `Do you want to require verification of emails or phone numbers?` You have to remove all checked fields here. Once done, you should see a red alert: `You have not selected either email or phone number verification, so your users will not be able to recover their passwords without contacting you for support.`
7. Now you have told Cognito to stop sending you messages when a user registers on your app and you can handle it all by yourself.
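
Steps 3 to 5 above depend on the verification token being unguessable and usable only once. The following PHP is an added example, not code from this package: it goes beyond the README by storing only a hash of the token and by giving each link an expiry. The `VerificationTokens` class, its in-memory store and the one-hour TTL are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the package's code. VerificationTokens and its in-memory
// $rows array are hypothetical stand-ins for the token column from step 1.
final class VerificationTokens
{
    private $rows = []; // email => ['hash' => string, 'expires' => int]
    private $ttl;

    public function __construct(int $ttlSeconds = 86400)
    {
        $this->ttl = $ttlSeconds;
    }

    // Step 3: create an unguessable token and persist only its SHA-256 hash.
    public function issue(string $email, int $now): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->rows[$email] = [
            'hash'    => hash('sha256', $token),
            'expires' => $now + $this->ttl,
        ];
        return $token; // goes into the emailed link, never into storage
    }

    // Step 5: return the owner's email once; null if unknown, used or expired.
    // With a database this is a lookup on the indexed hash column.
    public function consume(string $token, int $now): ?string
    {
        $candidate = hash('sha256', $token);
        foreach ($this->rows as $email => $row) {
            if (hash_equals($row['hash'], $candidate)) {
                unset($this->rows[$email]); // single use, even when expired
                return $now <= $row['expires'] ? $email : null;
            }
        }
        return null;
    }
}

// Constructed sample data: the addresses and the timestamp are made up.
$tokens = new VerificationTokens(3600);
$t0 = 1700000000;
$token = $tokens->issue('alice@example.test', $t0);
var_dump($tokens->consume('guessed-value', $t0 + 10)); // wrong token
var_dump($tokens->consume($token, $t0 + 60));          // first use of the link
var_dump($tokens->consume($token, $t0 + 120));         // replay of the same link
$late = $tokens->issue('bob@example.test', $t0);
var_dump($tokens->consume($late, $t0 + 7200));         // link used after the TTL
```

In a controller action like `verifyEmail`, a `null` result would be answered with a 404 before any call to Cognito is made.
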

As a sidenote: Password Forgot Emails will still be triggered through Cognito. You cannot turn them off, so make sure to style those emails to suit your needs. Also make sure to send the email from a proper FROM address.

Delete User
-----------


If you want to give your users the ability to delete themselves from your app you can use our deleteUser function from the CognitoClient.

To delete the user you should call `deleteUser` and pass the email of the user as a parameter to it. After the user has been deleted in your Cognito pool, delete the user from your database too.

```
    $cognitoClient->deleteUser($user->email);
    $user->delete();

```

We have implemented a new config option `delete_user`, which you can access through the `AWS_COGNITO_DELETE_USER` env var. If you set this config to true, the user is deleted in the Cognito pool. If it is set to false, it will stay registered. Per default this option is set to false. If you want this behaviour you should set `USE_SSO` to true to let the user restore themselves after a successful login.

To access our CognitoClient you can simply pass it as a parameter to your Controller Action where you want to perform the deletion.

```
    public function deleteUser(Request $request, CognitoClient $cognitoClient)

```

Laravel will take care of the dependency injection by itself.

*IMPORTANT: You want to secure this action by maybe security questions, a second delete password or by confirming the email address.*

### Changelog


Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

### Security


If you discover any security related issues, please email  instead of using the issue tracker.

Credits
-------


- [Oliver Heck](https://github.com/oheck)
- [Andreas Przywara](https://github.com/aprzywara)
- [Adrian Raeuchle](https://github.com/araeuchle)
- [All Contributors](../../contributors)

Support us
----------


Black Bits, Inc. is a web and consulting agency specialized in Laravel and AWS based in Grants Pass, Oregon. You'll find an overview of what we do [on our website](https://efadah.io).

License
-------


The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

### Health Score

23 (Low, better than 27% of packages)

- Maintenance: 20. Infrequent updates — may be unmaintained
- Popularity: 3. Limited adoption so far
- Community: 7. Small or concentrated contributor base
- Maturity: 53. Maturing project, gaining track record
- Bus Factor: 1. Top contributor holds 100% of commits — single point of failure

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: Unknown
- Total: 1
- Last Release: 2433d ago

### Community

- Maintainers: [ahmd](/maintainers/ahmd)
- Top Contributors: [ahmedalarifi](https://github.com/ahmedalarifi) (1 commit)
- Tags: AWS Cognito, Auth Provider, efadah

### Code Quality

- Tests: PHPUnit

