AWS Cognito as Django authentication back-end for web site

To add to the accepted answer, there is a simple but very important extra step that I found was necessary to take to use django-warrant with Django 2.0:

The conditional in backend.py in the root package needs to be changed from:

    if DJANGO_VERSION[1] > 10:

to:

    if DJANGO_VERSION[1] > 10 or DJANGO_VERSION[0] > 1:

Using django-warrant with Zappa and AWS Lambda:

The project I am working on also uses Zappa to enable the serverless deployment of my Django app to AWS Lambda. Although the above code fixed django-warrant for me when testing locally, after deploying the app to the Lambda environment, I had another significant issue stemming from some of django-warrant's supporting packages - primarily related to python-jose-pycryptodome, which django-warrant uses during the authentication process. The issue showed itself in the form of a FileNotFound error related to the Crypto._SHA256 file. This error appears to have been caused because pycryptodome expects different files to be available in the Crypto package at runtime on Windows (which I am developing on) and Linux (the Lambda environment) respectively. I ended up solving this issue by downloading the Linux version of pycryptodome and merging its Crypto package with the Crypto package from the Windows version.

TLDR: If you want to use django-warrant with AWS Lambda and you are developing on a Windows machine, make sure to download the Linux version of pycryptodome and merge its Crypto package with the same from the Windows version.

Note: The versions of pycryptodome and python-jose (not python-jose-cryptodome) that I ended up using to achieve the above were 3.7.2 and 3.0.1 respectively.
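The version conditional from the start of this answer, run against a range of `django.VERSION`-shaped tuples. This is an added example, not code from the answer or from django-warrant. It assumes the gate is meant to be true for Django 1.11 and later; the function names and the sample tuples are constructed for illustration.

```python
# Added example: compares three ways of writing the Django version gate.
# Each version has the shape of django.VERSION, e.g. (2, 0, 0, "final", 0).

def original_check(v):
    # Conditional as quoted in the answer: looks at the minor number only.
    return v[1] > 10

def patched_check(v):
    # Conditional after the answer's change: also accepts any major > 1.
    return v[1] > 10 or v[0] > 1

def tuple_check(v):
    # General form: compare (major, minor) as a tuple.
    # Assumption: the gate means "Django 1.11 or newer".
    return tuple(v[:2]) >= (1, 11)

# Constructed sample versions paired with the intended result of the gate.
SAMPLES = [
    ((0, 96, 0, "final", 0), False),  # edge case: minor > 10, major < 1
    ((1, 8, 0, "final", 0), False),
    ((1, 10, 0, "final", 0), False),
    ((1, 11, 0, "final", 0), True),
    ((2, 0, 0, "final", 0), True),
    ((2, 2, 0, "final", 0), True),
    ((3, 2, 0, "final", 0), True),
    ((4, 2, 0, "final", 0), True),
]

def misclassified(check):
    """Return 'major.minor' for every sample the check gets wrong."""
    return ["%d.%d" % v[:2] for v, expected in SAMPLES if check(v) != expected]

if __name__ == "__main__":
    for check in (original_check, patched_check, tuple_check):
        print(check.__name__, "wrong for:", misclassified(check) or "none")
```

The minor-only check fails for every release whose major number is above 1 and minor number is 10 or below, which is why the backend stopped working on Django 2.0; the tuple comparison also covers the pre-1.0 edge case.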


If you are reading this, you probably googled "aws cognito django" xD.

I just want to share what I did in order to get this thing to work:

  • Django-Warrant. Great AWS Cognito wrapper package.
  • Make sure to understand your current User model structure. If you use a custom user model, don't forget to map it using the COGNITO_ATTR_MAPPING setting.
  • Change your authentication to support 3rd party connectivity. When you get a Cognito token from the client, convert it into your own token using OAuth/JWT/Session.
  • Rethink your login/register process. Do you want different registration? The django-warrant package supports it...

At the end of the day, this is a GREAT solution for fast authentication.