# Cognito

composer require socialiteproviders/cognito

# Installation & Basic Usage

Please see the Base Installation Guide (opens new window), then follow the provider specific instructions below.

# Add configuration to config/services.php

'cognito' => [
    'host' => env('COGNITO_HOST'),
    'client_id' => env('COGNITO_CLIENT_ID'),
    'client_secret' => env('COGNITO_CLIENT_SECRET'),
    'redirect' => env('COGNITO_CALLBACK_URL'),
    'scope' => explode(",", env('COGNITO_LOGIN_SCOPE')),
    'logout_uri' => env('COGNITO_SIGN_OUT_URL')

# Add provider event listener

# Laravel 11+

In Laravel 11, the default EventServiceProvider provider was removed. Instead, add the listener using the listen method on the Event facade, in your AppServiceProvider boot method.

  • Note: You do not need to add anything for the built-in socialite providers unless you override them with your own providers.
Event::listen(function (\SocialiteProviders\Manager\SocialiteWasCalled $event) {
    $event->extendSocialite('cognito', \SocialiteProviders\Cognito\Provider::class);
Laravel 10 or below Configure the package's listener to listen for `SocialiteWasCalled` events.

Add the event to your listen[] array in app/Providers/EventServiceProvider. See the Base Installation Guide (opens new window) for detailed instructions.

protected $listen = [
    \SocialiteProviders\Manager\SocialiteWasCalled::class => [
        // ... other providers

# Usage

You should now be able to use the provider like you would regularly use Socialite (assuming you have the facade installed):

return Socialite::driver('cognito')->redirect();

Logout of app and cognito then redirect to url

public function cognitoLogout() {
    Auth::logout(); // Log out app
    return redirect(Socialite::driver('cognito')->logoutCognitoUser()); // Call cognito logout url

Logout of app and cognito then redirect back to login UI.

public function cognitoSwitchAccount() {
    Auth::logout(); // Log out app
    $scopes = explode(",", env('COGNITO_LOGIN_SCOPE')); // Override default scopes if needed
    return redirect(Socialite::driver('cognito')->scopes($scopes)->switchCognitoUser()); // Call cognito logout url

Example env


# Helpful tips

  • Cognito requires SSL, try ngrok for local testing (works for everything except logout url).
  • Returned user array contains all available attributes (set these in your cognito client app).
  • If receiving state errors try this $user = Socialite::driver('cognito')->stateless()->user();
  • "sub" is Cognito UUID, more info on attributes (opens new window)
  • .env COGNITO_CALLBACK_URL must in your Cognito client app Callback URL(s)
  • .env COGNITO_SIGN_OUT_URL must in your Cognito client app Sign out URL(s)

project setup tutorial (opens new window)

# Returned User fields