Merged
16 changes: 16 additions & 0 deletions .doc_gen/cross-content/cross_CognitoFlows_Python_block.xml
@@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "file://zonbook/docbookx.dtd" [
<!ENTITY % phrases-shared SYSTEM "file://AWSShared/common/phrases-shared.ent">
%phrases-shared;
]>
<block>
<para>
Shows web-based demo application that demonstrates &COG; identity
pools authentication flows, allowing users to interactively explore both enhanced and
basic authentication flows with various identity providers.
</para>
<para>For complete source code and instructions on how to set up and run, see the full example
on <ulink
url="https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito/scenarios/identity_pools_example_demo">
GitHub</ulink>.</para>
</block>
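Review bot: The first <para> opens with "Shows web-based demo application that demonstrates", which drops the article and repeats itself ("demo application that demonstrates"). Suggest "Shows how to create a web-based application that demonstrates &COG; identity pools authentication flows, ...", which also lines up with the synopsis text added to cross_metadata.yaml in this same change.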
15 changes: 15 additions & 0 deletions .doc_gen/metadata/cross_metadata.yaml
Expand Up @@ -1005,3 +1005,18 @@ cross_MonitorDynamoDB:
services:
dynamodb:
cloudwatch:
cross_CognitoFlows:
title: Use &COG; identity pools and authentication flows
title_abbrev: Use &COG; identity pools
synopsis:
create a web-based demo application that demonstrates identity pools authentication flows.
category: Scenarios
languages:
Python:
versions:
- sdk_version: 3
github: python/example_code/cognito/scenarios/identity_pools_example_demo
block_content: cross_CognitoFlows_Python_block.xml
service_main: cognito-identity-provider
services:
cognito-identity-provider:
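Review bot: service_main and services list only cognito-identity-provider, while the title and synopsis of cross_CognitoFlows are about identity pools. cognito-identity-provider is the user pools API; identity pools are served by the separate Amazon Cognito Identity API. If the demo calls the identity pools API, add that service under services so the scenario is indexed where readers looking for identity pools will find it, and reconsider which of the two should be service_main.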
13 changes: 13 additions & 0 deletions python/example_code/cognito/README.md
Expand Up @@ -62,6 +62,7 @@ Code examples that show you how to accomplish a specific task by calling multipl
functions within the same service.

- [Sign up a user with a user pool that requires MFA](cognito_idp_actions.py)
- [Use Amazon Cognito identity pools](../../example_code/cognito/scenarios/identity_pools_example_demo)


<!--custom.examples.start-->
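Review bot: The new list entry links to ../../example_code/cognito/scenarios/identity_pools_example_demo, which climbs two directories out of python/example_code/cognito and then walks straight back into it. From this README the same target is scenarios/identity_pools_example_demo; the shorter relative path keeps working if the cognito folder is ever moved. The sibling entry above links a file in the same directory directly (cognito_idp_actions.py), so the short form also matches the existing style.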
Expand Down Expand Up @@ -114,6 +115,18 @@ python cognito_idp_actions.py
<!--custom.scenarios.cognito-identity-provider_Scenario_SignUpUserWithMfa.start-->
<!--custom.scenarios.cognito-identity-provider_Scenario_SignUpUserWithMfa.end-->

#### Use Amazon Cognito identity pools

This example shows you how to create a web-based demo application that demonstrates identity pools authentication flows.


<!--custom.scenario_prereqs.cross_CognitoFlows.start-->
<!--custom.scenario_prereqs.cross_CognitoFlows.end-->


<!--custom.scenarios.cross_CognitoFlows.start-->
<!--custom.scenarios.cross_CognitoFlows.end-->

### Tests

⚠ Running tests might result in charges to your AWS account.
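Review bot: The new "Use Amazon Cognito identity pools" section has a one-line description but both custom blocks (custom.scenario_prereqs.cross_CognitoFlows and custom.scenarios.cross_CognitoFlows) are empty, so the README gives no way to start the demo, whereas the preceding scenario ends with a run command (python cognito_idp_actions.py in the hunk header context). Since this demo needs an environment file and several identity providers configured, put at least a pointer to the demo's own setup instructions in the prereqs block.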
@@ -0,0 +1,63 @@
FRONTEND_URL=http://localhost:8001

# Amazon Cognito configuration: replace these example values with your actual AWS configuration
AWS_REGION=us-east-1
AWS_ACCOUNT_ID=123456789012

# Amazon Cognito identity pools configuration: replace with your actual identity pool ID from the Amazon Cognito console
COGNITO_IDENTITY_POOL_ID=us-east-1:a1b2c3d4-5678-90ab-cdef-EXAMPLE11111

# IAM role ARN for authenticated users: it grants permissions to users who have signed in
AUTHENTICATED_ROLE_ARN=arn:aws:iam::123456789012:role/Cognito_IdentityPoolAuth_Role
# IAM role ARN for unauthenticated users: it grants limited permissions to anonymous users
UNAUTHENTICATED_ROLE_ARN=arn:aws:iam::123456789012:role/Cognito_IdentityPoolUnauth_Role

# Amazon Cognito user pool configuration
COGNITO_USER_POOL_ID=us-east-1_EXAMPLE123
COGNITO_APP_CLIENT_ID=1234567890abcdefEXAMPLE
COGNITO_APP_CLIENT_SECRET=1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0tEXAMPLE
COGNITO_DOMAIN=example-domain

# Social identity providers: configure the social identity providers you want to use
# 1. Google OAuth 2.0 configuration: obtain these values from the Google Cloud Console
GOOGLE_CLIENT_ID=123456789012-abcdefghijklmnopqrstuvwxyzEXAMPLE.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-AbCdEfGhIjKlMnOpQrStUvWxYzEXAMPLE

# 2. Facebook login configuration: obtain these values from Facebook for developers
FACEBOOK_APP_ID=1234567890123456
FACEBOOK_APP_SECRET=a1b2c3d4e5f6g7h8i9j0k1l2m3n4oEXAMPLE

# 3. Login with Amazon configuration: obtain these values from the Amazon Developer Portal
AMAZON_CLIENT_ID=amzn1.application-oa2-client.a1b2c3d4e5f6g7h8i9j0k1l2m3n4oEXAMPLE
AMAZON_CLIENT_SECRET=amzn1.oa2-cs.v1.a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5zEXAMPLE

# Enterprise identity providers: configure enterprise identity providers for corporate authentication
# 1. OpenID Connect (OIDC) provider configuration: replace with your OIDC provider's configuration

# For Okta, these would typically be:
# OIDC_AUTHORIZATION_ENDPOINT=https://your-domain.okta.com/oauth2/default/v1/authorize
# OIDC_TOKEN_ENDPOINT=https://your-domain.okta.com/oauth2/default/v1/token

# # For Auth0, these would typtically be:
# OIDC_AUTHORIZATION_ENDPOINT=https://your-domain.us.auth0.com/authorize
# OIDC_TOKEN_ENDPOINT=https://your-domain.us.auth0.com/oauth/token

OIDC_CLIENT_ID=oidc_client_1234567890abcdefEXAMPLE
OIDC_CLIENT_SECRET=oidc_secret_a1b2c3d4e5f6g7h8i9j0k1l2m3n4oEXAMPLE
OIDC_AUTHORIZATION_ENDPOINT=https://your-oidc-provider.com/oauth2/authorize
OIDC_TOKEN_ENDPOINT=https://your-oidc-provider.com/oauth2/token
OIDC_ISSUER=https://your-oidc-provider.com

# 2. SAML 2.0 provider configuration: replace with your SAML provider's configuration
# For Okta SAML, these would typically be:
# OKTA_DOMAIN=your-domain.okta.com
# OKTA_APP_ID=exkABCDEF123456789
SAML_SSO_URL=https://example.com/saml/sso
SAML_ENTITY_ID=urn:amazon:cognito:sp:us-east-1:a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
SAML_PROVIDER=ExampleSAMLProvider
SAML_PROVIDER_ARN=arn:aws:iam::123456789012:saml-provider/ExampleSAMLProvider

# Custom developer provider configuration: replace with your custom developer provider name
DEVELOPER_PROVIDER_NAME=ExampleDeveloperProvider
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
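Review bot: The last two lines, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, ask the user to paste long-term IAM credentials into this environment template, and unlike every other block they have no comment saying what they are for or what permissions they need; they sit directly under the DEVELOPER_PROVIDER_NAME comment as if they were part of it. Prefer letting the SDK resolve credentials from its default chain (a named profile or a role) and drop these two keys, or at minimum add a comment stating the required permissions and that the populated file must not be committed. The same do-not-commit caveat applies to the client secrets above (COGNITO_APP_CLIENT_SECRET, GOOGLE_CLIENT_SECRET, FACEBOOK_APP_SECRET, AMAZON_CLIENT_SECRET, OIDC_CLIENT_SECRET). Minor: the Auth0 comment reads "# # For Auth0, these would typtically be:", with a doubled "#" and "typtically" for "typically".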