PHPackages fishdaa/cognito-jwt-guard - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. fishdaa/cognito-jwt-guard ActiveLaravel[Authentication & Authorization](/categories/authentication) fishdaa/cognito-jwt-guard ========================= A laravel auth guard for JSON Web Tokens issued by Amazon AWS Cognito forked from benbjurstrom/cognito-jwt-guard 1.0.1(2mo ago)030↑200%MITPHPPHP >=7.4CI failing Since Feb 27Pushed 2mo agoCompare [ Source](https://github.com/fishdaa/cognito-jwt-guard)[ Packagist](https://packagist.org/packages/fishdaa/cognito-jwt-guard)[ Docs](https://github.com/fishdaa/cognito-jwt-guard)[ RSS](/packages/fishdaa-cognito-jwt-guard/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (2)Dependencies (9)Versions (3)Used By (0) Cognito JWT Guard ================= [](#cognito-jwt-guard) Laravel authorization guard for JSON Web Tokens issued by Amazon AWS Cognito This project is fork of [benbjurstrom/cognito-jwt-guard](https://github.com/benbjurstrom/cognito-jwt-guard) which appears to be abandoned. Overview -------- [](#overview) This package provides a Laravel authentication guard to validate JSON Web Tokens (JWT) issued by the configured AWS Cognitio User Pool. The guard accepts tokens passed through the Authorization header or set as a CognitoIdentityServiceProvider cookie. Once the token has been validated against the pool’s public key the guard will look for a Laravel user with a cognito\_uuid value equal to the username property contained in the token. If a local Laravel user is found the guard will authenticate them for the duration of the request. If one is not found and Single Sign-On is enabled this package will create a new Laravel user. Note that this package does not provide methods for exchanging a username and password for a token. As such it is intended to be used with Laravel API-driven applications where the client would either obtain the token directly from Cognito or through a dedicated application responsible for authentication. Installation ------------ [](#installation) You can install the package using composer ``` composer require fishdaa/cognito-jwt-guard ``` Next publish the [migration](https://github.com/fishdaa/cognito-jwt-guard/blob/master/database/migrations/add_cognito_uuid_to_users_table.php.stub) and the [config/cognito.php](https://github.com/fishdaa/cognito-jwt-guard/blob/master/config/cognito.php) config file with: ``` php artisan vendor:publish --provider="Fishdaa\CognitoGuard\CognitoServiceProvider" ``` Next go ahead and run your migrations. This will add the required cognito\_uuid property to your users table ``` php artisan migrate ``` Add your AWS Cognito user pool's identifier and region to the `.env` file ``` AWS_COGNITO_REGION= AWS_COGNITO_USER_POOL_ID= ``` You will also need to change the auth driver in your config/auth.php file ``` // config/auth.php 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'cognito', // This line is important 'provider' => 'users', ], ], ``` Finally, depending on how you configured your Cognito User Pool's required attributes you may also want to make adjustments to your Single Sign-On settings in the published config/cognito.php file ``` // config/cognito.php /* |-------------------------------------------------------------------------- | Single Sign-On Settings |-------------------------------------------------------------------------- | If sso is true the cognito guard will automatically create a new user | record anytime the username attribute contained in a validated JWT | does not already exist in the users table. | | The new user will be created with the user attributes listed here | using the values stored in the given cognito user pool. Each attribute | listed here must be set as a required attribute in your cognito user | pool. | | When sso_repository_class is set this package will pass a new instance | of the the auth provider's user model to the given class's | createCognitoUser method. The users model will be hydrated with the given | sso_user_attributes before it is passed. */ 'sso' => env('SSO', false), 'sso_repository_class' => null, 'sso_user_attributes' => [ 'name', 'email', ] ``` Configuring an sso\_repository\_class is optional but doing so allows you to modify the new user record before it is saved or to dispatch events. An example sso\_repository\_class might look like this: ```