nestjs-cognito logoNestJS-Cognito
NestJS-Cognito on GitHub

NestJS Cognito

Have you ever tried integrating AWS Cognito with NestJS? If you have, you probably spent hours wrestling with OIDC flows, JWT verification, token extraction, and AWS SDK configuration.

To be honest, I built this library because I was tired of copying the same authentication code across projects. It shouldn't take 200 lines of boilerplate to protect a route.

So here's what this does: it handles Cognito authentication in NestJS with a decorator. That's it.

@Controller('profile')
export class ProfileController {
  @Get()
  @Authentication()  // Protected route
  getProfile(@CognitoUser() user: CognitoJwtPayload) {
    return user;
  }
}

The library verifies the JWT, extracts the user data, and injects it into your route. If the token is invalid or expired, the request is rejected before it reaches your handler.

What it handles

JWT verification — Validates tokens against Cognito's public keys. Checks expiration, issuer, and signature automatically.

Token extraction — Reads tokens from Authorization headers, cookies, or custom sources. You can combine multiple extractors if needed.

Authorization — Restrict routes based on Cognito groups.

@Get('admin')
@Authorization({ requiredGroups: ['admin'] })
getAdminData() {
  return { sensitive: 'data' };
}

Security — Built on aws-jwt-verify, AWS's official JWT verification library. Handles JWKS key rotation and caching.