This project demonstrates how to integrate AWS Cognito with Authsignal's MFA capabilities for secure authentication.
The integration uses:
- AWS Cognito as the identity provider
- Authsignal for MFA verification
- AWS Lambda triggers to connect the services
- React frontend for user interaction
- MFA for both sign-up and sign-in flows
- Multiple authentication methods:
  - Email OTP
  - Email Magic Links
  - TOTP (Authenticator Apps)
  - Passkeys (WebAuthn)
- Node.js
- AWS Account
- Authsignal Account
- Create a `.env` file in the root directory:
  ```
  AUTHSIGNAL_SECRET=your_authsignal_secret_key
  AUTHSIGNAL_URL=https://api.authsignal.com
  USER_POOL_CLIENT_ID=your_cognito_user_pool_client_id
  AWS_REGION=your_aws_region
  ```
- Create a `.env` file in the `lambdas` directory:
  ```
  AUTHSIGNAL_SECRET=your_authsignal_secret_key
  AUTHSIGNAL_URL=https://api.authsignal.com
  USER_POOL_CLIENT_ID=your_cognito_user_pool_client_id
  ```
- Install dependencies:
  ```
  yarn install
  ```
- Install Lambda dependencies:
  ```
  cd lambdas
  yarn install
  cd ..
  ```
- Start the frontend development server:
  ```
  yarn dev
  ```
- Deploy Lambda functions to AWS:
  ```
  cd lambdas
  yarn deploy
  ```
The integration uses Lambda functions for the authentication flow:
- Pre-Sign-Up Lambda: Auto-confirms users during registration
- Create Auth Challenge: Generates Authsignal tokens for verification
- Verify Auth Challenge Response: Validates user responses
- Sign-Up: Collects email, creates user account, and verifies identity
- Sign-In: Authenticates returning users with MFA
- Account Management: Allows users to add/remove authenticators
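
The three Lambda triggers listed above, sketched as an added example that is not this project's own code: the verify step fails closed and only accepts a validated token that belongs to the same Cognito user. The `mfa` client, its `track`/`validateChallenge` shapes, the `ACTION` name and the stub data are assumptions made so the block runs offline.

```javascript
// Added example. `mfa` is a hypothetical stand-in for the Authsignal server
// client; its track/validateChallenge shapes below are assumptions.
const ACTION = "cognitoAuth"; // assumed action name

// Pre-Sign-Up: confirm the account only. The email is not marked verified
// here, so ownership is still proven by the first successful challenge.
function preSignUp(event) {
  event.response.autoConfirmUser = true;
  return event;
}

// Create Auth Challenge: start a challenge bound to the Cognito subject and
// return only what the frontend needs to complete it.
async function createAuthChallenge(event, mfa) {
  const userId = event.request.userAttributes.sub;
  const { token, url } = await mfa.track({ userId, action: ACTION });
  event.response.publicChallengeParameters = { token, url };
  return event;
}

// Fail-closed decision: success state, same user, same action.
function isAnswerCorrect(expectedUserId, result) {
  return Boolean(result) &&
    result.state === "CHALLENGE_SUCCEEDED" &&
    result.userId === expectedUserId &&
    result.action === ACTION;
}

// Verify Auth Challenge Response: the answer is a token checked server-side;
// any error or mismatch leaves answerCorrect false.
async function verifyAuthChallenge(event, mfa) {
  const userId = event.request.userAttributes.sub;
  event.response.answerCorrect = false;
  try {
    const result = await mfa.validateChallenge({ token: event.request.challengeAnswer });
    event.response.answerCorrect = isAnswerCorrect(userId, result);
  } catch (err) {
    console.error("challenge validation failed:", err.message);
  }
  return event;
}

// Constructed stub for an offline run; tokens are "tok-<userId>".
const stubMfa = {
  track: async ({ userId }) => ({ token: `tok-${userId}`, url: "https://example.invalid/challenge" }),
  validateChallenge: async ({ token }) => {
    if (!token) throw new Error("missing token");
    return { state: "CHALLENGE_SUCCEEDED", userId: token.replace("tok-", ""), action: ACTION };
  },
};
```
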
Users can authenticate with:
- Email OTP: Codes sent via email
- Email Magic Links: One-click verification links
- TOTP: Time-based codes from authenticator apps
- Passkeys: Biometric and device-based authentication
This implementation provides a secure, flexible authentication system that balances security with user experience. The AWS SDK and Authsignal integration gives full control over authentication flows and UI design.