AWS Cognito Authentication using Auth0 as OpenID Connect Provider

Tomoaki Imai
4 min readAug 5, 2022

In many cases, we want to have access controls to our service. AWS Cognito provides us with a way to authorize users' access to AWS resources. While there are a few options for implementing authentication with Cognito(including AWS Amplify/Cognito User Pool), Auth0 has excellent benefits:

  • Simple yet customizable Universal login
  • Various integrations supported (Social providers, SSO, MFA)
  • Granular user/group management

In this article, I will explain how we can implement passwordless authentication using Auth0 and give access control using Cognito, built with CDK.

There is an official guide for integration, but I will cover details that are not explained in the document.

Authentication Flow

flow diagram

We are going to use Auth0 as an OpenID Connect provider. Auth0 authenticates the user and provides IdToken in JSON Web Token(JWT) format. The user then passes JWT to Cognito(Cognito Identity Pool), and Cognito validates the signature of JWT. If JWT is verified, then Cognito issues identity to that user and gives an…

--

--

Tomoaki Imai
Tomoaki Imai

Written by Tomoaki Imai

CTO at Noxx https://www.noxx.net/ AI hiring tool. FullStack developer and leader. Love to share ideas about software development. https://github.com/tomoima525