AWS Cognito (Custom Auth)
Hi, we are considering using AWS Cognito for authentication. Currently we are using Wasp email + password and Google OAuth, but would like to know if it's even possible to do this without having to lose access to context.user, useAuth and similar integrations.
7 Replies
Hi @Suchitk. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Currently, Wasp doesn't have built-in support for AWS Cognito as an authentication provider. Wasp officially supports the following auth methods:
- Email & Password
- Username & Password
- Google
- GitHub
- Keycloak
Auth Overview - Available auth methods
The Wasp team is working on improving authentication options, and they recently integrated Lucia under the hood, which will make it easier to add new providers in the future. However, passwordless authentication (which could include custom providers like Cognito) is planned but not yet implemented.
Discord support thread: Passwordless authentication
If you were to implement AWS Cognito right now, you would likely need to create a custom solution that wouldn't integrate with Wasp's built-in auth features like context.user, useAuth, etc. This would mean losing access to those convenient integrations.
One potential workaround might be to use your Cognito server as a service that your Wasp server communicates with:
This way, you could still do user/auth checks in Wasp server logic (actions, queries) while delegating the actual authentication to Cognito via HTTP requests. You would need to implement security measures like secret keys between your Wasp server and Cognito.
Discord support thread: Running alongside separate authed API?
However, this approach would require significant custom development and wouldn't give you the seamless integration that Wasp's built-in auth methods provide.
The Wasp team is actively working on improving their auth system. They recently refactored it to use Lucia, which should make adding new providers easier in the future. You might want to check their GitHub issues or Discord for updates on when AWS Cognito support might be added.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Suchitk, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?
@kapa.ai can I set context object properties, i.e. custom context.user or something similar?
Let me check the knowledge base for you again. One moment! :books:
----------------------
Based on the knowledge sources, there are a few ways you can customize the context object in Wasp, particularly for adding properties to the user context:
Custom Middleware
You can define your own custom global middleware that would inject additional properties into the request object. As mentioned in one of the Discord threads:
I think the most likely route would be if you defined your own custom global middleware (Wasp has support for that) that would, upon detecting your token in the request, obtain the user based on it (via Prisma) and inject it into req.
Discord support thread: Use Oauth protocol with other than Google or Github
Context in Operations
When working with operations (queries and actions), the context object is automatically populated by Wasp. However, if you import operations directly (rather than through Wasp's hooks), you'll need to construct the context yourself:
They can also import action directly, from its file. In which case they have to construct the context completely on their own, while allegedly, if they import it via wasp/server/operations, they don't have to construct it completely on their own, but need to pass just user to the context and rest will be added.
Github Issue: Fix docs on calling queries and actions on the server
Future Improvements
The Wasp team is aware of the need for more customization options for the user context. There's an open GitHub issue about allowing more information to be added to the user object:
If you want to enrich that user object with some more information, e.g. populate it with some extra details, or something, right now you would do additional queries in your React component for that Page. What could be cool instead is if that information was added into user immediately upon fetching it for that page, so no additional queries need to be made.
Github Issue: Allow adding more info to the user object that gets passed to the Page
There's also an issue about improving how Wasp declares extra fields in Express requests:
There is a better way to declare "extra" fields with Express using declare global
Github Issue: Use declare global to declare Wasp specific fields in the Express request
For now, the most practical approach would be to use custom middleware to inject additional properties into the request object, which would then be available in your context.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
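The custom-middleware approach quoted above is only safe if the token is verified before anything is injected into req. An added example, not from the thread or from Wasp's code base: an Express-style middleware that checks a Cognito-style ID token's signature, issuer, audience, token_use and expiry. The pool id, client id, the req.cognitoUser field and the locally generated key (standing in for the pool's published signing key) are assumptions made for the example.

```javascript
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(JSON.stringify(x)).toString('base64url');

// Constructed stand-ins: a local RSA key plays the pool's signing key; the
// issuer and client id are placeholders, not values from the thread.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const POOL = {
  issuer: 'https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE',
  clientId: 'example-client-id',
};

// Test helper that mints a token; a real deployment never signs, only verifies.
function signToken(claims, key = privateKey, alg = 'RS256') {
  const head = `${b64u({ alg, typ: 'JWT' })}.${b64u(claims)}`;
  return `${head}.${crypto.sign('RSA-SHA256', Buffer.from(head), key).toString('base64url')}`;
}

// Returns the verified claims, or throws with the reason for rejection.
function verifyCognitoIdToken(token, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token header must not choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== POOL.issuer) throw new Error('wrong issuer');
  if (claims.aud !== POOL.clientId) throw new Error('wrong audience');
  if (claims.token_use !== 'id') throw new Error('wrong token_use');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Express-style middleware: req.cognitoUser exists only after verification.
function cognitoAuth(req, res, next) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  if (!m) return next(); // anonymous request, nothing injected
  let claims;
  try { claims = verifyCognitoIdToken(m[1]); } catch (err) {
    res.statusCode = 401;
    return res.end('invalid token');
  }
  req.cognitoUser = claims; // hypothetical field name
  next();
}
```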
Sorry @Suchitk, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?
Hi @Suchitk, we don't have an officially supported way of connecting with providers other than the ones on our website right now. BUT, with some custom code you can code your own login/signup actions and connect it to Wasp's user mechanism. We have this Spotify auth example that you can change to your own provider, you will keep the ability to use the user normally.
Gist
Implementing custom OAuth provider with Wasp 0.14.1+ (Spotify in this case) - .env.server
Amazing this is exactly the kind of start I was looking for and have managed to easily add Cognito into the app. Thanks! @Carlos