[Feature Request] Redirect to custom sign in page

[wakie]

Hi friends,

Any chance support can be added to redirect to a custom sign in page?

I'd rather use my own page instead of the Cognito UI hosted option.

[ottokruse]

Hi @wakie thanks for the suggestion.

Do you have an idea/opinion on how that should work? Will it be an externally hosted login page or within the same CloudFront distribution?

And did you consider federating Cognito to e.g. your AD or other IDP solution? Is that applicable to you? If you federate Cognito to exactly 1 IDP then the Cognito Hosted UI won't be shown even, the user would be forwarded to the IDP's login page immediately (can also make it work with multiple IDP's by the way).

[wakie]

Hi @ottokruse appreciate the response.

My intention is to use my own page hosted within the same CloudFront distro. My script plugs directly into the Cognito APIs so it can handle all of the authentication. This is for the purpose of maintaining a consistent UX without redirecting to a different domain with a different experience.

I don't intend on using AD or third party IDPs at this stage, but may do in the future. I specially want to use the Cognito user pool right now.

I'm happy to add any requirements (oAuth, etc) into my app in order to implement the support, just so long as I maintain full control of the login flow's UX.

[wakie]

I just had a thought @ottokruse

If we allowed "CognitoAuthDomain" to be set via an input parameter, it may just do what I want!

Would that be tricky to implement, at least to try it out as a proof of concept?

[ottokruse]

There is a PR for that actually #44

But... I'm inclined to not pursue that, and instead make the User Pool itself a param, not just the auth domain (read the PR comments if you wanna know why).

You could checkout that PR though and see if it does what you want.

[wakie]

Nice, I didn't know that existed.

I've been thinking about the custom User Pool param feature. I could potentially use that to fit my needs on the assumption that I could use Cognito's custom domain but have the DNS records for that domain to be pointed elsewhere to serve a different page with the domain.

Essentially have the edge Lambdas redirect to the custom domain set in the User Pool which is hosted elsewhere.

Does that sound like it could work?

[ottokruse]

While that could work, I think for what you are looking for it will not be the simplest solution. The lambda's are currently coded to cooperate in the OAuth2 dance of the Cognito hosted UI. You would need to build that OAuth2 dance then also in your custom sign-in page.

Other approach might be:

• create custom sign-in page yourself. It can interact with Cognito API's directly, not through OAuth2
• change the checkauth lambda to redirect to your own page, instead of the Cognito hosted domain
• do everything you need to do for sign-in in your own page, including acquiring JWT's, and setting them in cookies. (That would replace the parseauth function.)

But of course that deviates from the solution in this repo - it is similar but different.