Dash Authentication with AWS Cognito

Hi all,

I would like to hack authentication to use the AWS Cognito service instead of Dash-Auth.
Do you think this is possible? What’s a good starting point?
I read that other users managed to do it using the Flask authentication tools, should I subclass some class in their package?
I also read a user can circumvent the authentication by just typing the to a “login_required” site directly.
Any advice will be appreciated. I will post when I manage to have something useful.

1 Like

I’d like to use Cognito too.

It’s very feasible to use Cognito with Dash.

I didn’t change anything on my code and was able to get an authentication page for it on Cognito.

There were only two issues.

  1. On your app you must exclude/comment out Dash authentication. If the Dash login modal pops up it will conflict with Cognito.
  2. This one is a lot of more difficult and I haven’t solved it yet. The public URL for my app is an Application Load Balancer DNS. I can’t find I way to redirect this to a custom domain so I can use an SSL certificate and bypass the horrible “Potential Risk ahead” message cause by a “bad” SSL certificate.

If anybody needs help setting up Cognito, I’m more than glad to help and if anybody has the answer for #2 please, please help me. lol. I’ve been trying it for the last week without success.

Hi @samdev! I would like to have more info about setting up cognito for a dash app. Could you please send me the steps you follow to achieve this without code?

@crocha I have achieved to authenticate users with AWS Cognito through the ALB without modifying a single line of code, as @samdev did. In fact the authentication portal is agnostic to the hosted app (be it a Dash app, Flask app or any other app).

Here is some resources on how to use AWS Cognito through the ALB :

Big downside, I’m struggling for the authorization part to get user info and display components accordingly.

Does this actually work? I’ve been struggling to get it up and running

I can confirm

Could you please provide some additional details? Does your dash app need to have a different url_base_pathname? How should the callback URLs in Cognito match with the ALB listener redirect URLs? I keep getting a 500 internal error

Does it make a difference that my website is a subdomain? i.e. “[website name].[company].com”

Also did you manage to extract user information into the dash application?

Managed to sort out the issue - you need to configure the security groups in your load balancer to make outbound communication using HTTPS. I’m struggling a bit with the logout system now

Was anyone successful in building a logout system?