cognito-passport-oauth2

v1.3.1

A passport strategy to authenticate against an AWS Cognito User Pool OAuth 2.0 provider and get user profile, access token and ID token. This supports providing cognito specific additional auth parameters. This is subclass of passport-oauth2 strategy. For more information about how to use this package see README

Latest version published 2 months ago

License: MIT

NPM

GitHub

Package Health Score

70 / 100

security
No known security issues
popularity
Recognized
maintenance
Healthy
community
Limited

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
1.3.1	\|	01/2025	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.2.0	\|	01/2025		0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.0.6	\|	03/2020		0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.1.6	\|	03/2020		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Recognized

Weekly Downloads (53,230)

GitHub Stars: 2
Forks: 1
Contributors: 4

Direct Usage Popularity

The npm package cognito-passport-oauth2 receives a total of 53,230 downloads a week. As such, we scored cognito-passport-oauth2 popularity level to be Recognized.

Based on project statistics from the GitHub repository for the npm package cognito-passport-oauth2, we found that it has been starred 2 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Limited

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 4
Funding: No

This project has seen only 10 or less contributors.

We found a way for you to contribute to the project! Looks like cognito-passport-oauth2 is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 1
Open PR: 0
Last Release: 2 months ago
Last Commit: 2 months ago

Further analysis of the maintenance status of cognito-passport-oauth2 based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that cognito-passport-oauth2 demonstrates a positive version release cadence with at least one new version released in the past 3 months.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 5 years
Dependencies: 2 Direct
Versions: 13
Install Size: 13.7 kB
Dist-tags: 1
# of Files: 14
Maintainers: 1
TS Typings: No

cognito-passport-oauth2 has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

cognito-passport-oauth2

Passport Cognito OAuth2 strategy for AWS Cognito User Pools. This supports providing congnito specific additional auth parameters. This is subclass of passport-oauth2 strategy.

Install

$ npm i cognito-passport-oauth2

Create Strategy

The strategy takes a verify function, auth options, and optional additional auth params. Find simple working example here.

const passport = require('passport'),
CognitoOAuth2Strategy = require('cognito-passport-oauth2');

passport.serializeUser(function (user, done) {
    done(null, user);
});

passport.deserializeUser(async function (user, done) {
    done(null, user);
});

const options = {
    callbackURL: 'https://localhost:4001/auth/callbacks', //Your callback url
    clientDomain: 'https://yourdomain.auth.eu-west-1.amazoncognito.com', //Your cognito user pool domain
    clientID: 'your cognito app client id',
    clientSecret: 'your cognito app client secret',
    region: 'eu-west-1', //your region
    passReqToCallback: true
};

//Indicates the provider that the end user should authenticate with. 
//You can as well provide other custom auth params 
const customOptions = { identity_provider: 'your idp name' };
 
 async function verify(req, accessToken, refreshToken, { id_token }, profile, done) //if you need id_token, use this signature
 or   
 async function verify(req, accessToken, refreshToken, profile, done) {
    //Your additional user logic

    let sessionData = {
        username: profile.username
        //additional props
    }

    return done(null, sessionData);
};

passport.use('cognito', new CognitoOAuth2Strategy(options, verify, customOptions));
or 
passport.use('cognito', new CognitoOAuth2Strategy(options, verify)); //go to default cognito login page and let user choose the idp

Configure Route to Invoke Auth Requests

Use passport.authenticate(), specifying the 'cognito' strategy

app.get('/auth/login', passport.authenticate('cognito'));
or
app.get('/auth/login', passport.authenticate('cognito', additionalAuthParameters)); //Overwrite customOptions (see above) or provide additional auth params

app.get('/auth/callback', passport.authenticate('cognito', { failureRedirect: '/error', failureFlash: true, successRedirect: '/index' }));

Additional Details

Refer here for more information about configuring cognito app client

cognito-passport-oauth2 dependencies

@aws-sdk/client-cognito-identity-provider passport-oauth2

cognito-passport-oauth2 development dependencies

@types/node @types/passport-oauth2 typescript

FAQs

What is cognito-passport-oauth2?

A passport strategy to authenticate against an AWS Cognito User Pool OAuth 2.0 provider and get user profile, access to... Visit Snyk Advisor to see a full health score report for cognito-passport-oauth2, including popularity, security, maintenance & community analysis.

Is cognito-passport-oauth2 popular?

The npm package cognito-passport-oauth2 receives a total of 53,230 weekly downloads. As such, cognito-passport-oauth2 popularity was classified as a recognized. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is cognito-passport-oauth2 well maintained?

We found that cognito-passport-oauth2 demonstrated a healthy version release cadence and project activity. It has a community of 4 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is cognito-passport-oauth2 safe to use?

The npm package cognito-passport-oauth2 was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 28 March-2025, at 02:43 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Package Health Score

Explore Similar Packages

Security and license risk for significant versions

Is your project affected by vulnerabilities?

Weekly Downloads (53,230)

Direct Usage Popularity

Embed Package Health Score Badge

Commit Frequency

Keep your project healthy

Check your package.json

Snyk Vulnerability Scanner

Readme

cognito-passport-oauth2

Install

Create Strategy

Configure Route to Invoke Auth Requests

Additional Details

cognito-passport-oauth2 dependencies

cognito-passport-oauth2 development dependencies

FAQs

What is cognito-passport-oauth2?

Is cognito-passport-oauth2 popular?

Is cognito-passport-oauth2 well maintained?

Is cognito-passport-oauth2 safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues