{"id":26844,"library":"cognito-passport-oauth2","title":"cognito-passport-oauth2","description":"A Passport strategy for authenticating against AWS Cognito User Pools using OAuth 2.0. Version 1.3.1 provides a subclass of passport-oauth2 that supports Cognito-specific auth parameters such as identity_provider and custom scopes. Released as ES5 with CommonJS module format, it integrates seamlessly with Express and Passport. Designed for Node.js server-side authentication flows where Cognito is the identity provider. Includes TypeScript definitions. Not actively maintained, with no recent updates.","status":"active","version":"1.3.1","language":"javascript","source_language":"en","source_url":"https://github.com/ajayaldo/passport-cognito-oauth2","tags":["javascript","passport","cognito","aws","strategy","oauth2","authentication","express","userpool","typescript"],"install":[{"cmd":"npm install cognito-passport-oauth2","lang":"bash","label":"npm"},{"cmd":"yarn add cognito-passport-oauth2","lang":"bash","label":"yarn"},{"cmd":"pnpm add cognito-passport-oauth2","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Extends the OAuth2 strategy; required for token exchange and authorization","package":"passport-oauth2","optional":false},{"reason":"Passport authentication framework; must be installed separately","package":"passport","optional":false}],"imports":[{"note":"ESM import available; avoid mixing require() in ESM files. The strategy class is a named export, not the default export.","wrong":"const CognitoOAuth2Strategy = require('cognito-passport-oauth2');","symbol":"CognitoOAuth2Strategy","correct":"import { CognitoOAuth2Strategy } from 'cognito-passport-oauth2'"},{"note":"CommonJS destructured import is correct. 
The library exports the class directly, not as a default export.","wrong":"const CognitoOAuth2Strategy = require('cognito-passport-oauth2').default","symbol":"CognitoOAuth2Strategy","correct":"const { CognitoOAuth2Strategy } = require('cognito-passport-oauth2')"},{"note":"No default export; use named import with alias to mimic common pattern.","wrong":"import Strategy from 'cognito-passport-oauth2'","symbol":"Strategy","correct":"import { CognitoOAuth2Strategy as Strategy } from 'cognito-passport-oauth2'"}],"quickstart":{"code":"import express from 'express';\nimport passport from 'passport';\nimport { CognitoOAuth2Strategy } from 'cognito-passport-oauth2';\nimport session from 'express-session';\n\nconst app = express();\napp.use(session({ secret: 'your-secret', resave: false, saveUninitialized: true }));\napp.use(passport.initialize());\napp.use(passport.session());\n\npassport.serializeUser((user, done) => done(null, user));\npassport.deserializeUser((user, done) => done(null, user));\n\nconst options = {\n  callbackURL: 'http://localhost:4001/auth/callback',\n  clientDomain: 'https://yourdomain.auth.eu-west-1.amazoncognito.com',\n  clientID: process.env.COGNITO_CLIENT_ID ?? '',\n  clientSecret: process.env.COGNITO_CLIENT_SECRET ?? 
'',\n  region: 'eu-west-1',\n  passReqToCallback: true\n};\n\nasync function verify(req, accessToken, refreshToken, profile, done) {\n  // Custom user logic here\n  return done(null, { username: profile.username });\n}\n\npassport.use('cognito', new CognitoOAuth2Strategy(options, verify));\n\napp.get('/auth/login', passport.authenticate('cognito'));\napp.get('/auth/callback', passport.authenticate('cognito', { failureRedirect: '/login', successRedirect: '/' }));\n\napp.listen(3000);","lang":"typescript","description":"Shows Express app setup with Passport, Cognito OAuth2 strategy, session handling, and route configuration. The session secret, Cognito domain and callback URL are placeholders to replace before use; the sample callback URL uses port 4001 while the app listens on port 3000, so make the two agree."},"warnings":[{"fix":"Set clientDomain to 'https://yourdomain.auth.region.amazoncognito.com' (with https:// prefix).","message":"clientDomain must be the full Cognito domain including https://","severity":"gotcha","affected_versions":">=1.0"},{"fix":"Use the correct signature: verify(req, accessToken, refreshToken, tokenObj, profile, done) where tokenObj.id_token contains the ID token.","message":"The verify function signature changed: if you need id_token, use 5-argument signature (req, accessToken, refreshToken, { id_token }, profile, done).","severity":"gotcha","affected_versions":">=1.2"},{"fix":"Use an additional JWT library to verify the id_token from Cognito before trusting its claims: check the signature against the user pool's signing keys and validate the issuer, audience, expiry and token_use claims.","message":"The strategy does not validate the id_token by default; implement verification yourself if your application relies on the id_token.","severity":"gotcha","affected_versions":">=1.0"},{"fix":"Upgrade Node.js to version 10 or later.","message":"Dropped support for Node.js < 10 in version 1.3.0","severity":"breaking","affected_versions":">=1.3.0"},{"fix":"Remove passReqToCallback from options; the request is always passed as first argument when using the 5-argument form.","message":"The 'passReqToCallback' option is no longer needed if using the 5-argument verify 
function.","severity":"deprecated","affected_versions":">=1.2"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Use const { CognitoOAuth2Strategy } = require('cognito-passport-oauth2'); to destructure the named export.","cause":"Using CommonJS require without destructuring, e.g., const CognitoOAuth2Strategy = require('cognito-passport-oauth2'); returns the module object, not the class directly.","error":"CognitoOAuth2Strategy is not a constructor"},{"fix":"Verify that clientID, clientSecret, and clientDomain are correct and that the app client has authorization_code grant enabled.","cause":"Missing or incorrect client_id or client_secret; or using wrong clientDomain.","error":"Error: Unsupported grant type: authorization_code"},{"fix":"Ensure you are using version >=1.2 and the verify function signature matches: verify(req, accessToken, refreshToken, { id_token }, profile, done) if you need id_token.","cause":"Using the 5-argument verify signature but the strategy expects a 4-argument signature (older version) or the token object is not provided.","error":"TypeError: Cannot destructure property 'id_token' of 'undefined' or 'null'."}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}