Atomic Object Show Nav
Close Menu
< Blog Home
Atomic Object
  • AI Software Development
  • New Product Development
  • Product Enhancement
  • Product Modernization
  • Web App
  • Mobile App
  • IoT Software
  • Desktop App
  • Cloud
  • Healthcare
  • Financial Services
  • Education
  • Insurance
  • See more...
Portfolio
Team
Culture
Contact
We're Hiring
Atomic Object Atomic Object
Services
  • Offerings
  • AI Software Development
  • New Product Development
  • Product Enhancement
  • Product Modernization
  • Platforms
  • Web App
  • Mobile App
  • IoT Software
  • Desktop App
  • Cloud
  • Industries
  • Healthcare
  • Financial Services
  • Education
  • Insurance
  • See more...
Portfolio
Team
Culture
We're Hiring
Blog
Contact
Atomic Object
Services
Portfolio
Team
Culture
We're Hiring
Blog
Contact
← Back to Blog Home

How to Bypass Cognito-Hosted UI With Federated Sign In

Development
by: Molly Alger
November 2, 2021
  • Twitter
  • Facebook
  • Linkedin
  • Hackernews
Bypass Cognito-Hosted UI

Article summary

  • Before We Begin
  • Implementation
  • Bypass Cognito-Hosted UI

Amazon Cognito has many useful tools for authentication workflows, including federated sign-in with third-party identity providers. As part of this workflow, Cognito provides a hosted UI to easily integrate social sign-in to your application. However, if you would prefer to create your own sign-in UI and not just customize what Cognito has to offer, it’s possible to bypass the UI completely. Below is the simple process for skipping over Cognito’s hosted UI while still using federated authentication.

Before We Begin

The example below is from a React app using the AWS Amplify library. Although the example uses Google as the identity provider, it works for other providers as well.

This guide assumes you have set up a Cognito User Pool and properly configured it for federated authentication. Make sure that you also configure the amplify auth library (Auth.configure) using the values from your user pool.

Implementation

By default, calling Auth.federatedSignIn() will route users to Cognito’s hosted UI.

Cognito's hosted UI

In our case, we will completely skip over this method call. Instead, we can navigate directly to the URL that Cognito uses when a user clicks on a link from the Cognito-hosted UI. One easy way to find this URL is to simply inspect the buttons on the hosted UI to see what they do. In this example, when we inspect the button for Google, we see the following onClick handler:


onclick=“window.location.href=‘/oauth2/authorize?identity_provider=Google&redirect_uri=http://localhost:3000&response_type=CODE&client_id=**************&scope=email openid profile'"

Using our Cognito domain as a prefix, we can use this URL to navigate directly to the identity provider’s sign-in screen.


example-cognito-domain.us-west-1.amazoncognito.com
/oauth2/authorize?identity_provider=Google&redirect_uri=http://localhost:3000&response_type=CODE&client_id=**************&scope=email openid profile

Now we can attach this URL to the onClick handler of a button in some custom UI. Simply set the onClick handler of your button to the following:


() => window.location.href=example-cognito-domain.us-west-1.amazoncognito.com
/oauth2/authorize?identity_provider=Google&redirect_uri=http://localhost:3000&response_type=CODE&client_id=**************&scope=email openid profile

This will take us directly to Google’s sign-in screen where we can select an account to sign in with.

Bypass Cognito-Hosted UI

Although Cognito’s hosted UI is useful, it’s limiting when it comes to customizing the look and feel of the login page. Using the strategy above, we can easily create your own UI while still leveraging the federated sign-in capabilities of Cognito.

cognitofederated sign in
 
Molly Alger
Molly Alger
All Posts →

Related Posts

  • HTML/CSS, Development

    Preventing Flexitis: 4 Tips for Getting Started With Flexbox

  • Development

    OIDC and OAuth 2.0 Demystified

  • Development

    How to Pass Data Between Angular Parent and Child Components

Keep up with our latest posts.

We’ll send our latest tips, learnings, and case studies from the Atomic braintrust on a monthly basis.

[mailpoet_form id="1"]
Conversation
  • Earl says:
    March 15, 2022

    Hi Molly,
    Excellent article, just exactly what I’ve been trying to find.

    Do you have an example on GitHub or something?
    Trying to figure out how to do the react app wrapper to intercept the incoming and then trigger the redirect as you describe.
    Not sure if amplify hub or other?

    Thanks.

  • Kieran Schwegman says:
    March 28, 2022

    Hey I’m getting oauth errors after signing in through the url, how’d you configure your aws config file? And Earl, go to the app client and open up the hosted ui. Go into the dev console and grab the url from the button, and grab that specific instance. That should be good for whatever you’re working on

    These are the errors I’m getting
    400 Bad request and
    Error handling auth response. Error: unauthorized_client

  • Kieran Schwegman says:
    March 28, 2022

    I read through all of the github issues and with some of the recent updates to amplify, federatedSignIn’s won’t allow you to authenticate anymore. This is a security precaution specifically for CSRF attacks. It seems they’re working on updating the api, so that’s great though.

    Here’s a link to the github issue
    https://github.com/aws-amplify/amplify-js/issues/2716

  • help says:
    May 8, 2022

    JUST DO:

    Auth.federatedSignIn({ provider: “Google” });

  • Comments are closed.

    Development Category

    • IoT
    • Test Driven Development
    • Unit Testing
    • Software Science
    • Development Practices
    • Developer Tools
    Related Posts
    Development

    Log Your Entire ZSH History

    Development

    Test DynamoDB with Jest Shelf

    Development

    5 Techniques I Use for Quick Kubernetes Review Apps

    Tell Us About Your Project

    We’d love to talk with you about your next great software project. Fill out this form and we’ll get back to you within two business days.

    Share Your Project

    Atomic is a software design + development consultancy.

    © 2025 Atomic Object LLC
    Explore
    • Careers
    • Diversity
    • Resources
    • Atomic Blog
    • Developer Resources
    • Client Resources
    Offices
    • Grand Rapids
    • Ann Arbor
    • Chicago
    • Raleigh-Durham
    Details
    • Contact
    • Media
    • Privacy Policy
    Certified B Corporation