nestjs-cognito logoNestJS-Cognito
NestJS-Cognito on GitHub

Integration Guide

The @nestjs-cognito/auth package is great for protecting routes. But sometimes you need more control. Maybe you want to verify tokens manually, or manage users through the Cognito API.

That's where the core adapters come in:

CognitoJwtVerifier: Verify JWT tokens manually.

CognitoIdentityProvider: Call Cognito APIs (create users, update attributes, etc).

Verify tokens manually

import { CognitoJwtVerifier, InjectCognitoJwtVerifier } from '@nestjs-cognito/core';

@Injectable()
export class AuthService {
  constructor(
    @InjectCognitoJwtVerifier()
    private readonly jwtVerifier: CognitoJwtVerifier
  ) {}

  async validateToken(token: string) {
    return this.jwtVerifier.verify(token);
  }
}

Manage users with Cognito API

import { CognitoIdentityProvider } from '@aws-sdk/client-cognito-identity-provider';
import { InjectCognitoIdentityProvider } from '@nestjs-cognito/core';

@Injectable()
export class UserService {
  constructor(
    @InjectCognitoIdentityProvider()
    private readonly cognitoClient: CognitoIdentityProvider
  ) {}

  async getUser(username: string) {
    return this.cognitoClient.adminGetUser({
      UserPoolId: 'your-user-pool-id',
      Username: username
    });
  }
}

Which module to use

Need decorators and guards? Use CognitoAuthModule from @nestjs-cognito/auth:

import { CognitoAuthModule } from '@nestjs-cognito/auth';

@Module({
  imports: [
    CognitoAuthModule.register({
      identityProvider: {
        region: process.env.AWS_REGION,
        credentials: {
          accessKeyId: process.env.AWS_ACCESS_KEY_ID,
          secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
        },
      },
      jwtVerifier: {
        userPoolId: process.env.COGNITO_USER_POOL_ID,
        clientId: process.env.COGNITO_CLIENT_ID,
        tokenUse: 'access',
      },
    }),
  ],
})
export class AppModule {}

Just need the core adapters? Use CognitoModule from @nestjs-cognito/core:

import { CognitoModule } from '@nestjs-cognito/core';

@Module({
  imports: [
    CognitoModule.register({
      identityProvider: {
        region: process.env.AWS_REGION,
        credentials: {
          accessKeyId: process.env.AWS_ACCESS_KEY_ID,
          secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
        },
      },
      jwtVerifier: {
        userPoolId: process.env.COGNITO_USER_POOL_ID,
        clientId: process.env.COGNITO_CLIENT_ID,
        tokenUse: 'access',
      },
    }),
  ],
})
export class AppModule {}