Dash Authentication with AWS Cognito

Hi all,

I would like to hack authentication to use the AWS Cognito service instead of Dash-Auth.
Do you think this is possible? What’s a good starting point?
I read that other users managed to do it using the Flask authentication tools, should I subclass some class in their package?
I also read a user can circumvent the authentication by just typing the to a “login_required” site directly.
Any advice will be appreciated. I will post when I manage to have something useful.

I’d like to use Cognito too.

It’s very feasible to use Cognito with Dash.

I didn’t change anything on my code and was able to get an authentication page for it on Cognito.

There were only two issues.

1. On your app you must exclude/comment out Dash authentication. If the Dash login modal pops up it will conflict with Cognito.
2. This one is a lot of more difficult and I haven’t solved it yet. The public URL for my app is an Application Load Balancer DNS. I can’t find I way to redirect this to a custom domain so I can use an SSL certificate and bypass the horrible “Potential Risk ahead” message cause by a “bad” SSL certificate.

If anybody needs help setting up Cognito, I’m more than glad to help and if anybody has the answer for #2 please, please help me. lol. I’ve been trying it for the last week without success.

Hi @samdev! I would like to have more info about setting up cognito for a dash app. Could you please send me the steps you follow to achieve this without code?

@crocha I have achieved to authenticate users with AWS Cognito through the ALB without modifying a single line of code, as @samdev did. In fact the authentication portal is agnostic to the hosted app (be it a Dash app, Flask app or any other app).

Here is some resources on how to use AWS Cognito through the ALB :

• Authenticate users using an Application Load Balancer - Elastic Load Balancing
• Simplify Login with Application Load Balancer Built-in Authentication | AWS News Blog

Big downside, I’m struggling for the authorization part to get user info and display components accordingly.

Does this actually work? I’ve been struggling to get it up and running

I can confirm

Could you please provide some additional details? Does your dash app need to have a different url_base_pathname? How should the callback URLs in Cognito match with the ALB listener redirect URLs? I keep getting a 500 internal error

Does it make a difference that my website is a subdomain? i.e. “[website name].[company].com”

Also did you manage to extract user information into the dash application?

Update:
Managed to sort out the issue - you need to configure the security groups in your load balancer to make outbound communication using HTTPS. I’m struggling a bit with the logout system now

Was anyone successful in building a logout system?