AWS Cognito Authentication using Auth0 as OpenID Connect Provider
In many cases, we want access control for our service. AWS Cognito provides a way to authorize users' access to AWS resources. While there are a few options for implementing authentication with Cognito (including AWS Amplify and the Cognito User Pool), Auth0 has excellent benefits:
- Simple yet customizable Universal login
- Various integrations supported (Social providers, SSO, MFA)
- Granular user/group management
In this article, I will explain how we can implement passwordless authentication using Auth0 and enforce access control with Cognito, all built with CDK.
There is an official guide for this integration, but I will cover details that the guide does not explain.
Authentication Flow
We are going to use Auth0 as an OpenID Connect provider. Auth0 authenticates the user and issues an ID token in JSON Web Token (JWT) format. The user then passes the JWT to Cognito (a Cognito Identity Pool), and Cognito validates the JWT's signature. If the JWT is verified, Cognito issues an identity to that user and gives an…