
I want to set up a service which is accessible from AWS Amplify, that acts as a proxy service to AWS Cognito. The point being that such a service would provide greater flexibility, along with the option of swapping Cognito out, further down the road, for an alternative identity provider (like, say, Okta).

With this in mind, is it possible to configure AWS Amplify to use a different endpoint than the default used for Cognito/Auth (i.e. currently this is hardcoded to https://cognito-ipd.<region>.amazonaws.com)?

If not, can you think of a workaround?

Note: there does not appear to be anything obvious in the docs (https://docs.amplify.aws/lib/client-configuration/configuring-amplify-categories/q/platform/js/#top-level-configuration)

Colin Schofield

1 Answer


Looks like AWS encourages proxies in front of Cognito when applicable.

https://aws.amazon.com/blogs/security/protect-public-clients-for-amazon-cognito-by-using-an-amazon-cloudfront-proxy/

If you’re using AWS Amplify, you can change the endpoint in the aws-exports.js file by overriding the property aws_cognito_endpoint. Or, if you configure Amplify Auth in your code, you can provide the endpoint as follows.

Amplify.Auth.configure({
  userPoolId: '<USER-POOL-ID>',
  userPoolWebClientId: '<APP-CLIENT-ID>',
  endpoint: 'https://<CF-DISTRIBUTION-DOMAIN>'
});

M. Keener
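Once Amplify points at your own endpoint, that endpoint decides what reaches the user pool. The sketch below is an added example, not code from the answer or from the AWS blog post: it shows the request filtering such a proxy could apply before forwarding. The names `planUpstreamRequest`, `ALLOWED_ACTIONS` and `FORWARDED_HEADERS` are hypothetical, and the allowlist is an assumption to adapt to the Auth flows your app uses.

```javascript
// Added example: decide whether a client request may be forwarded to the
// Cognito user pool API, and build the upstream request if so.
const TARGET_PREFIX = 'AWSCognitoIdentityProviderService.';

// Assumption: only the public, unauthenticated-client actions the app needs.
const ALLOWED_ACTIONS = new Set([
  'InitiateAuth', 'RespondToAuthChallenge', 'SignUp', 'ConfirmSignUp',
  'ForgotPassword', 'ConfirmForgotPassword', 'GetUser', 'GlobalSignOut',
]);

// Only these client headers are passed upstream; cookies, Host and
// forwarding headers supplied by the client are dropped.
const FORWARDED_HEADERS = ['content-type', 'x-amz-target', 'x-amz-user-agent'];

function planUpstreamRequest(req, region) {
  // Header names are case-insensitive, so normalise them before lookup.
  const headers = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    headers[name.toLowerCase()] = value;
  }

  if (req.method !== 'POST') return { ok: false, status: 405, reason: 'method' };

  const target = headers['x-amz-target'] || '';
  if (!target.startsWith(TARGET_PREFIX)) return { ok: false, status: 400, reason: 'target' };

  const action = target.slice(TARGET_PREFIX.length);
  if (!ALLOWED_ACTIONS.has(action)) return { ok: false, status: 403, reason: 'action' };

  if (headers['content-type'] !== 'application/x-amz-json-1.1') {
    return { ok: false, status: 415, reason: 'content-type' };
  }
  try {
    JSON.parse(req.body);
  } catch (err) {
    return { ok: false, status: 400, reason: 'body' };
  }

  const upstreamHeaders = {};
  for (const name of FORWARDED_HEADERS) {
    if (headers[name] !== undefined) upstreamHeaders[name] = headers[name];
  }
  return {
    ok: true,
    action,
    url: `https://cognito-idp.${region}.amazonaws.com/`,
    headers: upstreamHeaders,
    body: req.body,
  };
}
```

Keeping the decision in a pure function like this makes it easy to unit-test and to log rejected actions; the actual forwarding (fetch, Lambda@Edge, API Gateway integration) is left to whichever platform hosts the proxy.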