Cognito integration demo

Sign in or register

This page demonstrates the hosted UI flow: the app redirects to Cognito for login or registration, Cognito returns an authorization code, and the server exchanges it for tokens using PKCE.

Flow overview

  1. GET /api/auth/login or /api/auth/signup generates PKCE values and redirects to the Cognito hosted UI.
  2. The user authenticates or creates an account on Cognito (MFA may be required in deployed environments).
  3. Cognito redirects to /api/auth/callback with an authorization code.
  4. The server exchanges the code for tokens and stores them in httpOnly cookies.
  5. GET /api/auth/session returns the verified user claims for API clients.
