An authentication service that implements the authorization code grant to handle user authentication. The provided AuthenticationPlugin reference implementation, CognitoAuthenticationPlugin, uses Cognito as the backing IdP.
// Initialize a CognitoAuthenticationPluginOptions object
const cognitoAuthenticationPluginOptions: CognitoAuthenticationPluginOptions = {
cognitoDomain: '<Cognito Hosted UI Domain>',
userPoolId: '<Cognito User Pool ID>',
webUiClient: {
clientId: '<Cognito User Pool Client ID for WebUI>',
clientSecret: '<Cognito User Pool Client Secret for WebUI>',
},
allowedClientIds: ['<Optional Cognito User Pool ID for programmatic access>'],
websiteUrl: '<Website URL>'
};
// Create an AuthenticationPlugin instance
const cognitoAuthenticationPlugin = new CognitoAuthenticationPlugin(cognitoAuthenticationPluginOptions);
// Create an AuthenticationService instance
const authenticationService = new AuthenticationService(cognitoAuthenticationPlugin);Documentation on integrating AuthenticationService with Express can be found here.
AuthenticationService provides one AuthenticationPlugin reference implementation called CognitoAuthenticationPlugin that uses Cognito as the Identity Provider (IdP). Cognito can integrate with any OIDC compatible external IdP, but if another primary IdP is required, a custom AuthenticationPlugin can be created. A user-provided plugin must implement the AuthenticationPlugin interface.