{"id":3751,"library":"pycognito","title":"pycognito","description":"pycognito is a Python library that provides a simplified interface for interacting with AWS Cognito User Pools, wrapping Boto3's Cognito client. It includes built-in support for the Secure Remote Password (SRP) protocol, making user authentication straightforward. The current version is 2024.5.1, and it typically releases new versions monthly or bi-monthly, incorporating fixes and feature enhancements.","status":"active","version":"2024.5.1","language":"en","source_language":"en","source_url":"https://github.com/pvizeli/pycognito","tags":["aws","cognito","authentication","srp","boto3"],"install":[{"cmd":"pip install pycognito","lang":"bash","label":"Install pycognito"}],"dependencies":[{"reason":"Core dependency for interacting with AWS services, including Cognito.","package":"boto3"},{"reason":"Used for JWT validation; replaced `python-jose` in version 2024.2.0.","package":"PyJWT"}],"imports":[{"symbol":"Cognito","correct":"from pycognito import Cognito"}],"quickstart":{"code":"import os\nfrom pycognito import Cognito\n\n# It's highly recommended to load these from environment variables or a secure configuration system.\n# Replace 'your_pool_id', 'your_client_id', 'your_username', 'YourStrongPassword123!'\nUSER_POOL_ID = os.environ.get('COGNITO_USER_POOL_ID', 'us-east-1_your_pool_id')\nCLIENT_ID = os.environ.get('COGNITO_CLIENT_ID', 'your_client_id')\nUSERNAME = os.environ.get('COGNITO_USERNAME', 'your_username')\nPASSWORD = os.environ.get('COGNITO_PASSWORD', 'YourStrongPassword123!')\n\n# Check if placeholder values are still present\nif 'your_pool_id' in USER_POOL_ID or 'your_client_id' in CLIENT_ID or\\\n   USERNAME == 'your_username' or PASSWORD == 'YourStrongPassword123!':\n    print(\"Please set COGNITO_USER_POOL_ID, COGNITO_CLIENT_ID, COGNITO_USERNAME, and COGNITO_PASSWORD environment variables or replace placeholders in the code.\")\nelse:\n    try:\n        # Initialize Cognito with User 
Pool ID, Client ID, and username\n        c = Cognito(USER_POOL_ID, CLIENT_ID, username=USERNAME)\n\n        # Authenticate the user. SRP (Secure Remote Password) protocol is handled automatically.\n        c.authenticate(password=PASSWORD)\n\n        print(f\"Successfully authenticated user: {USERNAME}\")\n        print(f\"Access Token (first 30 chars): {c.access_token[:30]}...\")\n        print(f\"ID Token (first 30 chars): {c.id_token[:30]}...\")\n        # Refresh token is also available as c.refresh_token\n        \n        # Example: Get the user; get_user() returns a user object carrying the pool attributes\n        user = c.get_user()\n        print(f\"User: {user}\")\n\n    except Exception as e:\n        print(f\"Authentication failed: {e}\")","lang":"python","description":"This quickstart demonstrates how to initialize the `Cognito` client and authenticate a user using their username and password. It automatically handles the SRP (Secure Remote Password) protocol. Ensure you replace the placeholder values for `USER_POOL_ID`, `CLIENT_ID`, `USERNAME`, and `PASSWORD` with your actual Cognito credentials, ideally loaded from environment variables."},"warnings":[{"fix":"Ensure `PyJWT` is installed (it's a dependency) and review any custom JWT processing code. Most direct usage of `pycognito` should remain unaffected.","message":"The internal JWT validation library switched from `python-jose` to `PyJWT`. While the public API for token handling is largely stable, users who relied on specific internals or configurations of `python-jose` might encounter issues.","severity":"breaking","affected_versions":"<2024.2.0"},{"fix":"Upgrade your Python environment to version 3.8 or newer before installing or running `pycognito`.","message":"The minimum required Python version has been raised to 3.8. 
Users on older Python versions will experience installation or runtime failures.","severity":"breaking","affected_versions":"<2024.5.0"},{"fix":"Review calls to `admin_create_user` and `admin_reset_user_password` in your application. Consult the latest documentation or GitHub examples for required parameters, especially `client_metadata` and handling of temporary passwords.","message":"Parameter changes and fixes for `admin_create_user` and `admin_reset_user_password` methods, particularly regarding `client_metadata` and temporary password generation, were introduced. Older implementations might not align with the current expected parameters or behavior.","severity":"gotcha","affected_versions":"<2022.11.0"},{"fix":"Thoroughly test your MFA implementation. Follow the Cognito documentation and `pycognito` examples carefully for `associate_srp_mfa`, `verify_mfa`, and other MFA-related methods to ensure correct sequence and parameter handling.","message":"While pycognito handles SRP, Multi-Factor Authentication (MFA) setup and interaction (e.g., `associate_srp_mfa`, `verify_mfa`) can be complex and is a common source of implementation errors if not handled precisely according to the Cognito flow. Though fixes were made, careful implementation is still required.","severity":"gotcha","affected_versions":"<2022.11.1"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}