Need help with amazon-cognito-auth-js?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

421 Stars 235 Forks Apache License 2.0 125 Commits 112 Opened issues


The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.

Services available


Need anything else?

Contributors list

Amazon Cognito Auth SDK for JavaScript

NOTE: We have discontinued developing this library as part of this GitHub repository. You can still reach us by creating an issue on the AWS Amplify GitHub repository or posting to the Amazon Cognito Identity forums.

Read more about OAuth flows with Amplify JS

You can now use Amazon Cognito Auth to easily add sign-in and sign-out to your mobile and web apps. Your user pool in Amazon Cognito is a fully managed user directory that can scale to hundreds of millions of users, so you don't have to worry about building, securing, and scaling a solution to handle user management and authentication.

For more information about this new feature, see Amazon Cognito User Pools App Integration and Federation GA Release.

We welcome developer feedback on this project. You can reach us by creating an issue on the GitHub repository or posting to the Amazon Cognito Identity forums:


The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.

Instead of implementing a UI for sign-up and sign-in, this SDK provides the UI via a hosted page. It supports sign-up, sign-in, confirmation, multifactor authentication, and sign-out.


There are two ways to install the Amazon Cognito Auth SDK for JavaScript and its dependencies, depending on your project setup and experience with modern JavaScript build tools:

  • Download the JavaScript libraries and include them in your HTML, or

  • Install the dependencies with npm and use a bundler like webpack.

Install using separate JavaScript files

This method is simpler and does not require additional tools, but may have worse performance due to the browser having to download multiple files.

Download the following JavaScript file for the required library and place it in your project:

  1. The Amazon Cognito Auth SDK for JavaScript, from

Optionally, to use other AWS services, include a build of the

AWS SDK for JavaScript

Include all of the files in your HTML page before calling any Amazon Cognito Auth SDK APIs:

Using NPM and Webpack

The following is a quick setup guide with specific notes for using the Amazon Cognito Auth SDK for JavaScript with Webpack, but there are many more ways it can be used. See the Webpack site, and in particular the configuration documentation

Note that webpack expects your source files to be structured as CommonJS (Node.js-style) modules (or ECMAScript 2015 modules if you are using a transpiler such as Babel.) If your project is not already using modules you may wish to use Webpack's module shimming features to ease migration.

  • Install Node.js on your development machine (this will not be needed on your server.)
  • In your project add a
    , either use
    npm init
    or the minimal, which means your repository is private:
"private" : true
  • Install the Amazon Cognito Auth SDK for JavaScript and the Webpack tool into your project with
    (the Node Package Manager, which is installed with Node.js):
> npm install --save-dev webpack json-loader
> npm install --save amazon-cognito-auth-js
  • Create the configuration file for
    , named
module.exports = {
  // Example setup for your project:
  // The entry module that requires or imports the rest of your project.
  // Must start with `./`!
  entry: './src/entry',
  // Place output files in `./dist/my-app.js`
  output: {
    path: 'dist',
    filename: 'my-app.js'
  module: {
    loaders: [
        test: /\.json$/,
        loader: 'json'
  • Add the following into your
  "scripts": {
    "build": "webpack"
  • Build your application bundle with
    npm run build


The Amazon Cognito Auth SDK for JavaScript requires three configuration values from your AWS Account in order to access your Cognito User Pool:

  • An User Pool App Client Id (required): e.g.
    • When creating the App, if the generate client secret box was checked, for /oauth2/token endpoint which gets the user's tokens, the client must pass its clientid and clientsecret in the authorization header. For more info, please reference here.
  • An App Web Domain (required): e.g.
    • When you click the
      Domain name
      tab, you can create a domain name there and save it for record.
  • Scope Array (required):
    ['phone', 'email', 'profile','openid', 'aws.cognito.signin.user.admin']
    (to get more info about scope, please reference "scope" section of our doc)
    • When you click the
      App settings
      tab, you can select the identity provider which you want to use on your App.
    • In the
      sign in and sign out URLs
      tab, you can set the
      Callback URLs
      Sign out URLs
      . (both are required)
    • Under the
      tab, you can select the OAuth flows and scopes enabled for this app. (both are required)
  • IdentityProvider (Optional): Pre-selected identity provider (this allows to automatically trigger social provider authentication flow).e.g.
  • UserPoolId (Optional): e.g.
  • AdvancedSecurityDataCollectionFlag (Optional): boolean flag indicating if the data collection is enabled to support cognito advanced security features. By default, this flag is set to true.
  • Storage (Optional): Storage provider used to store session data. By default, it uses localStorage if available or an in-memory structure.
  • LaunchUri (Optional): A function called to launch an Uri. By default it uses window.location in browsers, and the Linking class in react native.

The AWS Console for Cognito User Pools can be used to get or create these values.

Note that the various errors returned by the service are valid JSON so one can access the different exception types (err.code) and status codes (err.statusCode).


The usage examples below use the unqualified names for types in the Amazon Cognito Auth SDK for JavaScript. Remember to import or qualify access to any of these types:

// When using loose Javascript files:
var CognitoAuth = AmazonCognitoIdentity.CognitoAuth;

// Modules, e.g. Webpack: var AmazonCognitoIdentity = require('amazon-cognito-auth-js'); var CognitoAuth = AmazonCognitoIdentity.CognitoAuth;

// ES Modules, e.g. transpiling with Babel import {CognitoAuth} from 'amazon-cognito-auth-js';

Use case 1. Registering an auth with the application. You need to create a CognitoAuth object by providing a App client ID, a App web domain, a scope array, a sign-in redirect URL, and a sign-out redirect URL: (Identity Provider, UserPoolId and AdvancedSecurityDataCollectionFlag are optional values)

  Valid values are found under:
  AWS Console -> User Pools ->  -> App Integration -> App client settings
  Example values: ['profile', 'email', 'openid', 'aws.cognito.signin.user.admin', 'phone']

RedirectUriSignOut This value must match the value specified under: AWS Console -> User Pools -> -> App Integration -> App client settings -> Sign out URL(s) */ var authData = { ClientId : '<todo: add clientid>', // Your client id here AppWebDomain : '<todo: add app web domain>', TokenScopesArray : ['<todo: add scope array>'], // e.g.['phone', 'email', 'profile','openid', 'aws.cognito.signin.user.admin'], RedirectUriSignIn : '<todo: add redirect url when signed in>', RedirectUriSignOut : '<todo: add redirect url when signed out>', IdentityProvider : '<todo: add identity provider you want to specify>', // e.g. 'Facebook', UserPoolId : '<todo: add userpoolid>', // Your user pool id here AdvancedSecurityDataCollectionFlag : '<todo: boolean value indicating whether you want to enable advanced security data collection>', // e.g. true Storage: '' // OPTIONAL e.g. new CookieStorage(), to use the specified storage provided }; var auth = new AmazonCognitoIdentity.CognitoAuth(authData);

Also you can provide onSuccess callback and onFailure callback:

auth.userhandler = {
    onSuccess: function(result) {
        alert("Sign in success");
    onFailure: function(err) {

You can also set


Use case 2. Sign-in using


For the cache tokens and scopes, use the

API, e.g. the response is the current window url:
var curUrl = window.location.href;

Typically, you can put this part of logic in the

, e.g.:
function onLoad() {
    var auth = initCognitoSDK();
    var curUrl = window.location.href;

Use case 3. Sign-out using


Important to know

By default, the SDK uses implicit flow(token flow), if you want to enable authorization code grant flow, you need to call useCodeGrantFlow(). For example, please check our sample index.html, in that file, you need to uncomment "auth.useCodeGrantFlow()".
Also, when you meet some problems using our SDK, please make sure you downloaded the lastest version directly from Github repo.

Change Log


  • Use window.crypto if available (#224)


  • Add arrow function babel transform for ES build (#187)


  • Fix transpiling (#185)


  • Add support for react native (#182)
  • Call onFailure for code flow too (#135)
  • useCodeGrantFlow calls twice (throws 'Cannot open, already sending') (#74)


  • To add newest /es and /lib folders.


  • To add exporting cookieStorage in index.js.


  • To update with dist/ build files from update of last version.


  • To add Cookie storage and Storage as an option.


  • To merge in fixing tokens being empty strings when refreshing the browser of a single page application.


  • To sync with NPM version.


  • Remove
    onFailure() callback to make sure sample APP works correctly.


  • Merged in library files.


  • Added support for avoiding a bug exists when sign in with Google or facebook and parse the web response.


  • Added
    onFailure() callback and fixed the
    when using implicit grant flow.


  • Removed the dependency on the
    service from the AWS SDK for JavaScript.


  • Updated doc and uploaded


  • Added
    API method and support for developers to set state parameter. Also uploaded


  • Bug fix, username should be updated when caching tokens and scopes.


  • Added support for Cognito Advanced Security.


  • With multiple bug fixes.


  • GA release. In this GA service launch, we made this feature generally available.


  • Public beta release. Developer preview.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.