Authentication is one of the most complex parts of developing applications. It's also one of the most important because it's how you know who you're dealing with. When building a platform, authentication is even more crucial—you need to ensure that only people who are supposed to be accessing your service can do so.
There are many different ways to go about it, but today we'll discuss how to use AWS Cognito, Passport, and NestJS to create an authentication system for your app. This is a beginner tutorial, and it should take you a long way toward better understanding authentication with cloud providers.
But first, let's look at this diagram to see how everything will be connected:
AWS Cognito
AWS Cognito is an Amazon service that can provide authentication, authorization, and user management out of the box, and you can learn more about it here.
The first step is setting up your AWS account; if you don't have one, you can sign up for one here. Also, you can see the related costs with each service on that page.
After we have our account, we will search for the Cognito service like so:
Let's click Create user pool. In step 1, let's keep the Cognito user pool option checked and choose only the email to sign in:
On the configure security requirements step, let's disable MFA because it will add unnecessary complexity to this guide.
When configuring the sign-up experience, let's add the name to the required attributes.
In the next step for configuring the message delivery, let's send emails with Cognito.
On the app integration step, we named our pool pokemon-app, and we created a new app client called node-app, going with the default values for now.
In our last step, let's verify everything is correct and create the user pool.
Next, select the user pool in the table, go to the app integration tab, and create a Cognito domain. (I've used https://pokemon-app.auth.us-east-1.amazoncognito.com)
We should save the Cognito Domain and the Client ID value for later usage in the guide.
Let's change the content of the verification email to a link.
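To confirm that the console choices above took effect, the JSON returned by `aws cognito-idp describe-user-pool` can be checked in code. The following is an added example, not part of the original post; the sample response and the pool Id in it are constructed, and `auditUserPool` is a hypothetical helper name.

```javascript
// Added example: audit a DescribeUserPool response against this guide's choices.
// SAMPLE_RESPONSE is constructed for illustration; the pool Id is a placeholder.
const SAMPLE_RESPONSE = {
  UserPool: {
    Id: "us-east-1_EXAMPLE",
    Name: "pokemon-app",
    UsernameAttributes: ["email"],
    MfaConfiguration: "OFF",
    SchemaAttributes: [
      { Name: "email", Required: true },
      { Name: "name", Required: true },
    ],
    EmailConfiguration: { EmailSendingAccount: "COGNITO_DEFAULT" },
    VerificationMessageTemplate: { DefaultEmailOption: "CONFIRM_WITH_LINK" },
  },
};

// Returns findings as { level, setting, message }.
// "mismatch": differs from the guide. "review": matches the guide, revisit before production.
function auditUserPool(response) {
  const pool = (response && response.UserPool) || {};
  const findings = [];
  const add = (level, setting, message) => findings.push({ level, setting, message });

  const signIn = pool.UsernameAttributes || [];
  if (signIn.length !== 1 || signIn[0] !== "email") {
    add("mismatch", "UsernameAttributes", `expected ["email"], got ${JSON.stringify(signIn)}`);
  }
  const required = (pool.SchemaAttributes || []).filter((a) => a.Required).map((a) => a.Name);
  if (!required.includes("name")) {
    add("mismatch", "SchemaAttributes", "attribute 'name' is not required");
  }
  const sender = (pool.EmailConfiguration || {}).EmailSendingAccount;
  if (sender !== "COGNITO_DEFAULT") {
    add("mismatch", "EmailConfiguration", `expected COGNITO_DEFAULT, got ${sender}`);
  }
  const option = (pool.VerificationMessageTemplate || {}).DefaultEmailOption;
  if (option !== "CONFIRM_WITH_LINK") {
    add("mismatch", "VerificationMessageTemplate", `expected CONFIRM_WITH_LINK, got ${option}`);
  }
  // A missing value is treated as OFF.
  const mfa = pool.MfaConfiguration || "OFF";
  if (mfa === "OFF") {
    add("review", "MfaConfiguration", "MFA is off as in this guide; set OPTIONAL or ON before real users sign up");
  }
  return findings;
}

console.log(auditUserPool(SAMPLE_RESPONSE));
```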
Now let's grant our user access to Cognito. Let's search for IAM, the service to manage access to AWS resources:
If you already have a user, select the user and click Add permissions, go to the Attach existing policies directly tab, and search for AmazonESCognitoAccess:
Select the policy next, and assign it to the user.
If you don't have a user, you must set one up and add the security policy. (You can set the policy in the second step when creating a new one.)
In the next part, we will set up our NestJS project and integrate it with Cognito. Please stay tuned 😊
Top comments (3)
Great article, I learnt a lot following your guide...thanks for this.
thank you, found it super helpful.
Thanks for this, Fausto!