
We have a website where users authenticate themselves using AWS Cognito. That has been implemented using Next Auth with the Cognito provider, based off their example code. That is working fine. However, whenever a new potential lead (customer) fills out a particular form, we ship that information off to an external API. That API is connected to the same Cognito client and user pool in AWS, and it creates a new user and performs some operations. In the response from this API we receive the newly created user's access token, refresh token and identity token. The reasoning behind this is that whenever a new lead is created they automatically get assigned a user and we log them in behind the scenes. It is far from an ideal solution, I know, but our assignments don't allow for rethinking and rewriting the current setup.

My question is how we should implement such a custom login flow. We want to validate the tokens in the API response and create a session using those tokens, much as a regular login flow would do.

I've included this simplified chart trying to explain the process. See link: Login flow chart


1 Answer


For anyone encountering a similar issue, this is how we solved it: After receiving the id_token from the external service we do a router.push(...) (next/router) to our own authorization callback API endpoint with the id_token. In our case, it became:

/api/auth/callback/cognito?id_token={ID_TOKEN}
Hi @enesse, can you please elaborate on what you did with the callback API endpoint? Are you simply passing id_token to the next-auth cognito callback handler, or did you write your own? I'm passing the id_token to the same URL you're using and getting the error CALLBACK_OAUTH_ERROR. – JRedford Nov 10 '22 at 11:23