This is a demo of Neon Authorize together with Amazon Web Services' Cognito. This is a minimal app and doesn't exhaustively have all features, but rather just the features neededed to demonstrate how Cognito and Neon Authorize can work together. Namely this app does not have password reset, proper error messaging, or other things necessary for full proper auth support.
- Neon Serverless Postgres (and the serverless driver)
- AWS Cognito
- HTMX
- Node.js
- Express.js
We have other stacks that work with other providers (Next.js, React.js, Nest.js, Solid.js, etc.) if you want other examples. Checkout the neondatabase-labs org on GitHub.
- Sign up for neon.tech and AWS.
- Clone this repo
- Install Node.js 20.6+ as well as npm
- Run npm install in the directory of this project
- Create a new Neon.tech project. AWS or Azure works fine. For now it must be Postgres 16 (not 17).
- Create a new AWS Cognito instance
- Choose email for sign-in options
- Choose your password policy
- No MFA
- Account recovery doesn't matter
- Don't change any options on the next page
- Send email w/ Cognito
- Enter a user pool name
- Public client
- Enter an app name
- Don't generate a client secret (or do, but you'll have to add code to handle the secretHash)
- Create User Pool
- Copy the "Token signing key URL" from the main page of your new Cognito Instance, go to the Neon console of your new project, click "Authorize" in the side bar, add a new provider, and paste the Token signing key URL in there.
- When the side drawer opens after you add the key (which can be opened later too), run the top two commands to enable the Postgres extension in Neon.
- Copy the SQL in schema.sql and run it in the SQL Editor (or run it via psql).
- Copy .env.template to .env
- Get the COGNITO_REGION and COGNITO_CLIENT_ID from your AWS Cognito app you made.
- Get authenticated role connection string from your Neon console. This is different than the neondb_owner string, it does not have an embedded password.
- Run npm run dev to start your app!