
rleekg/craft-cognito-auth
=========================

Enable authentication to Craft using AWS Cognito


[Source](https://github.com/rleekg/craft-cognito) | [Packagist](https://packagist.org/packages/rleekg/craft-cognito-auth)


[![Logo](resources/img/plugin-logo.png)](resources/img/plugin-logo.png)

Craft Cognito Auth plugin
=========================


Enable authentication to Craft using [AWS Cognito](https://aws.amazon.com/cognito/).

Overview
--------


This plugin authenticates requests to Craft that carry a **Cognito JWT** whose signature can be successfully verified against the configured JWKS.

> JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
>
> -- [jwt.io](https://jwt.io/)

Features
--------


- Create and verify users with Cognito.
- Authenticate requests to Craft from mobile apps and websites via JWT.
- SAML Authentication.

Requirements
------------


This plugin requires Craft CMS 3.7 or later.

Installation
------------


1. Follow the [Craft CMS documentation](https://craftcms.com/docs/nitro/2.x/plugin-development.html) to set up your local Craft instance.
2. Load the plugin with Composer:

    `nitro composer require levinriegner/craft-cognito-auth`
3. In your browser, open your local Craft Control Panel, navigate to Settings → Plugins, and click the "Install" button for Craft Cognito Auth.

Configuration
-------------


Navigate to the settings page of the plugin and enter the required settings to activate the plugin:

| Setting | Description |
| --- | --- |
| **General configuration** | |
| `Auto create user` | Optional. Enable to auto-create a public user when provided a verifiable JWT. |
| **Cognito configuration** | |
| `Enable JWT token handling` | Optional. Enable to automatically parse incoming JWT tokens and try to log in the user. |
| `AWS Cognito region` | Mandatory. AWS Cognito region. |
| `AWS Cognito app client id` | Mandatory. AWS Cognito app client id (under App integration -> app client settings). |
| `AWS Cognito user pool id` | Mandatory. AWS Cognito user pool id (under General settings). |
| `JSON Web Key Set URL` | Mandatory. JSON Web Key Set URL (JWKS), used for verifying incoming Cognito JWTs. |
| **SAML configuration** | |
| `SAML token handling` | Optional. Enable to automatically parse incoming SAML tokens and try to log in the user. |
| `SAML Certificate` | Mandatory. Your SAML Certificate, used for verifying incoming SAML messages. |
| `SAML Login URL` | Mandatory. The SAML IdP login URL. |

This plugin assumes AWS Cognito is configured so that [users sign up and sign in with email instead of username](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases-settings-option-2) and that the App client being used has the sign-in API for server-based authentication (`ADMIN_NO_SRP_AUTH`) enabled as stated in the [AWS docs](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html?icmpid=docs_cognito_console#amazon-cognito-user-pools-server-side-authentication-flow).

Usage
-----


The plugin will attempt to verify any incoming request that carries a JWT in the `Authorization` header with a `Bearer` prefix, or in the simpler `X-Access-Token` header. An example:

```
# With Authorization: Bearer
curl --header "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.XbPfbIHMI6arZ3Y922BhjWgQzWXcXNrz0ogtVhfEd2o" MYCRAFTSITE.com

# With X-Access-Token
curl --header "X-Access-Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.XbPfbIHMI6arZ3Y922BhjWgQzWXcXNrz0ogtVhfEd2o" MYCRAFTSITE.com
```

The plugin will attempt to verify the token using the [lcobucci/jwt](https://github.com/lcobucci/jwt) package for PHP. The package adheres to the [IANA specifications](https://www.iana.org/assignments/jwt/jwt.xhtml) for JWTs.

If a provided token can be verified AND can be matched to a user account with a username matching the provided `sub` key, the user will be authenticated and the request allowed to continue.

If the token is verifiable and no matching user account exists, but the `Auto create user` setting is enabled AND public registration is enabled in the Craft settings, a new user account will be created on the fly and the new user then logged in.
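
The header and claim checks a Cognito-issued JWT has to pass alongside JWKS signature verification, run here on the sample token from the curl commands above. This is an added example, not the plugin's code: `decodeSegment()` and `cognitoTokenProblems()` are hypothetical helpers, the pool id and client id are constructed placeholders, and the expected issuer, `token_use`, `aud`/`client_id` and RS256 values follow AWS's documented Cognito token format.

```php
<?php
declare(strict_types=1);

// Added example, not the plugin's code. Signature verification against the
// JWKS is assumed to happen separately and is NOT performed here.

function decodeSegment(string $segment): ?array
{
    $padded = str_pad($segment, strlen($segment) + (4 - strlen($segment) % 4) % 4, '=');
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    $data = $raw === false ? null : json_decode($raw, true);
    return is_array($data) ? $data : null;
}

/** Returns the reasons to reject $jwt; an empty array means every check passed. */
function cognitoTokenProblems(string $jwt, string $region, string $poolId, string $clientId, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return ['not a three-part compact JWT'];
    }
    $header = decodeSegment($parts[0]);
    $claims = decodeSegment($parts[1]);
    if ($header === null || $claims === null) {
        return ['header or payload is not base64url-encoded JSON'];
    }
    $use = $claims['token_use'] ?? null;
    // ID tokens carry the app client id in "aud", access tokens in "client_id".
    $client = $use === 'id' ? ($claims['aud'] ?? null)
        : ($use === 'access' ? ($claims['client_id'] ?? null) : null);
    $exp = $claims['exp'] ?? null;
    $sub = $claims['sub'] ?? null;
    $checks = [
        // Cognito signs with RS256; the token must not get to pick HS256 or "none".
        'alg is not RS256' => ($header['alg'] ?? null) === 'RS256',
        'no kid to select a JWKS key' => is_string($header['kid'] ?? null),
        'iss is not this user pool' => ($claims['iss'] ?? null) === "https://cognito-idp.{$region}.amazonaws.com/{$poolId}",
        'token was not issued to this app client' => $client === $clientId,
        'exp is missing or in the past' => is_int($exp) && $exp > $now,
        'sub is missing' => is_string($sub) && $sub !== '',
    ];
    return array_keys(array_filter($checks, static function (bool $ok): bool { return !$ok; }));
}

// Sample token from the curl commands above; pool and client ids are constructed placeholders.
$sample = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.XbPfbIHMI6arZ3Y922BhjWgQzWXcXNrz0ogtVhfEd2o';
print_r(cognitoTokenProblems($sample, 'us-east-1', 'us-east-1_EXAMPLE', 'example-client-id', time()));
```

The sample token declares `HS256` and carries no Cognito claims, so it fails every check except `sub`; it shows the header format only and is not a token a Cognito-backed site should accept.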

This plugin provides example templates for you to use as a reference when building out your authentication solution. The example templates can be found in the [templates](templates/) folder.

Deployment
----------


1. Update version number in `composer.json`.
2. Add a new entry in `CHANGELOG.md` documenting the changes made.
3. Push a new tag matching the new version number with the following format: `vX.Y.Z`.

Contributing
------------


Contributions are most welcome! Feel free to open a new issue or pull request to make this project better.

Credits
-------


A big thank you to:

- [craft-jwt-auth](https://github.com/edenspiekermann/craft-jwt-auth) - Copyright (c) 2019 Mike Pierce [MIT License](https://github.com/edenspiekermann/craft-jwt-auth/blob/develop/LICENSE.md) for the initial codebase.
- [@goraxan](https://github.com/goraxan) for the ongoing development.

License
-------


This repo is covered under the [MIT License](LICENSE).

