Skip to content
Migrating from NextAuth.js v4? Read our migration guide.

providers/cognito

Built-in Cognito integration.

CognitoProfile

Extends

Properties

email

email: string;

name

name: string;

picture

picture: string;

sub

sub: string;

default()

default<P>(options): OAuthConfig<P>

Add Cognito login to your page.

Setup

Callback URL

https://example.com/api/auth/callback/cognito

Configuration

import { Auth } from "@auth/core"
import Cognito from "@auth/core/providers/cognito"
 
const request = new Request(origin)
const response = await Auth(request, {
  providers: [
    Cognito({
      clientId: COGNITO_CLIENT_ID,
      clientSecret: COGNITO_CLIENT_SECRET,
      issuer: COGNITO_ISSUER,
    }),
  ],
})

Resources

Notes

You need to select your AWS region to go the the Cognito dashboard.

💡

The issuer is a URL, that looks like this: https://cognito-idp.\{region\}.amazonaws.com/\{PoolId\}

PoolId is from General Settings in Cognito, not to be confused with the App Client ID.

⚠️

Make sure you select all the appropriate client settings or the OAuth flow will not work.

By default, Auth.js assumes that the Cognito provider is based on the Open ID Connect specification.

💡

The Cognito provider comes with a default configuration. To override the defaults for your use case, check out customizing a built-in OAuth provider.

Disclaimer If you think you found a bug in the default configuration, you can open an issue.

Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec, we might not pursue a resolution. You can ask for more help in Discussions.

Type parameters

Type parameter
P extends CognitoProfile

Parameters

ParameterType
optionsOAuthUserConfig<P>

Returns

OAuthConfig<P>

Auth.js © Balázs Orbán and Team - 2025