Amazon Cognito
Developer Guide (Version Last Updated: 07/28/2016)

Setting up the AWS SDK for JavaScript

Amazon Cognito provides a JavaScript SDK. The following topic provides setup instructions and examples for common tasks while working with user pools.

The Amazon Cognito Identity SDK for JavaScript allows JavaScript-enabled applications to register users, authenticate users, and view, delete, and update user attributes within the Amazon Cognito Identity service. Other functionality includes password changes for authenticated users and initiating and completing forgotten password flows for unauthenticated users.

Installing the SDK for JavaScript

The following procedure describes how to set up the SDK for JavaScript.

To set up the SDK for JavaScript

  1. Create an app for your user pool.

    Important

    The Generate client secret box must be unchecked because the JavaScript SDK doesn't support apps that have a client secret.

  2. Download and include the Amazon Cognito AWS SDK for JavaScript from GitHub.

    Note

    The Amazon Cognito AWS SDK for JavaScript is a variant of the AWS SDK for JavaScript named AWSCognito instead of AWS. It references only the Amazon Cognito Identity service. Similar to the SDK for JavaScript, the config.credentials property needs to be populated (either globally for AWSCognito or per-service).

  3. Configure your credentials per the instructions in Getting Your Credentials.

  4. Download and include the Amazon Cognito Identity SDK for JavaScript from GitHub.

  5. Include the JavaScript BN library for BigInteger computations from here.

  6. Include the Stanford JavaScript Crypto Library from here.

    Note

    By default, the Stanford JavaScript Crypto Library doesn't include the bytes codec that the SDK uses, so it must be included with the --with-codecBytes option when configuring the Stanford JavaScript Crypto Library (see the sjcl README/INSTALL). It is known to build on Linux and requires a Java runtime.

  7. Include Moment.js, a JavaScript library used for date manipulation from here.

  8. Optionally, you can download and include the AWS SDK for JavaScript to use other AWS services. The SDK is necessary if you wish to use AWS.CognitoIdentityCredentials.

        <script src="/path/to/jsbn.js"></script>
        <script src="/path/to/jsbn2.js"></script>
        <script src="/path/to/sjcl.js"></script>
        <script src="/path/to/moment.min.js"></script>
        <script src="/path/to/aws-cognito-sdk.min.js"></script>
        <script src="/path/to/amazon-cognito-identity.min.js"></script>
        <script src="/path/to/aws-sdk-2.3.5.js"></script>

Network Configuration

The Amazon Cognito Identity JavaScript SDK will make requests to the following endpoints:

  • For Amazon Cognito Identity request handling: "https://cognito-idp.us-east-1.amazonaws.com"

    Note

    This endpoint may change based on the region in which you created your Identity Pool.

For most frameworks, you can whitelist the domain for all AWS endpoints with "*.amazonaws.com".

Random Numbers

To authenticate with Amazon Cognito Identity, the client app needs to generate a random number as part of the Secure Remote Password (SRP) protocol. For more information, see The Stanford SRP Homepage.

Note

In some web browsers, such as Internet Explorer 8, Internet Explorer 9, or versions 4.2 and 4.3 of the Android Browser, a default paranoia of 0 passed to the Stanford JavaScript Crypto Library generates weak random numbers that might compromise client data. Be careful when using the library in such an environment: call the sjcl.random.startCollectors() function before starting the Amazon Cognito authentication flow to collect the entropy required for random number generation. The paranoia level should also be increased. See discussion here.

Paranoia levels can be set through the constructor:

    var poolData = {
        UserPoolId : 'us-east-1_TcoKGbf7n',
        ClientId : '4pe2usejqcdmhi0a25jp4b5sh3',
        Paranoia : 7
    };

    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
    var userData = {
        Username : 'username',
        Pool : userPool
    };

    var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);

You can also call the object method:

    userPool.setParanoia(7);
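
One way to apply the note above, as an added example that is not part of the original guide or of the SDK: hold the authentication flow until sjcl.random.isReady() reports enough entropy for the chosen paranoia level, and fail closed if it never does. The function name whenEntropyReady, its options, and the polling interval are assumptions made for illustration.

```javascript
// Added example (not SDK code). whenEntropyReady and its options are hypothetical names.
// rng  : sjcl.random in the browser (any object exposing the same three methods)
// done : error-first callback; start the Cognito sign-in only when err is null
function whenEntropyReady(rng, paranoia, done, opts) {
    opts = opts || {};
    var schedule = opts.schedule || function (fn, ms) { setTimeout(fn, ms); };
    var intervalMs = opts.intervalMs || 250;
    var maxPolls = opts.maxPolls || 240;              // about 60 s at 250 ms
    var onProgress = opts.onProgress || function () {};
    var polls = 0;

    // isReady() returns a bitmask; 0 means the pool cannot serve this level yet.
    if (rng.isReady(paranoia)) {
        done(null);
        return;
    }

    // Start harvesting entropy from user input and timing events.
    rng.startCollectors();

    function poll() {
        if (rng.isReady(paranoia)) {
            done(null);
        } else if (++polls >= maxPolls) {
            // Fail closed: never run SRP on a pool that is still weak.
            done(new Error('SJCL entropy pool not ready for paranoia ' + paranoia));
        } else {
            onProgress(rng.getProgress(paranoia));    // fraction between 0 and 1
            schedule(poll, intervalMs);
        }
    }
    schedule(poll, intervalMs);
}

// Browser usage with the objects shown on this page:
// whenEntropyReady(sjcl.random, 7, function (err) {
//     if (err) { /* ask the user to move the mouse or type, then retry */ return; }
//     userPool.setParanoia(7);
//     /* begin the Amazon Cognito authentication flow here */
// });
```

Polling isReady(paranoia) directly, rather than relying on a single event, keeps the check tied to the same paranoia level that is passed to the user pool.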