
feat(auth): support custom domain prefix for cognito domain in user pool

Open mengcao opened this issue 1 week ago • 1 comments

Problem

Currently, when leveraging external identity providers in an Amplify app, it is not allowed to specify a custom domain prefix. As a result, when app customers log in with an external identity provider such as Google, they are prompted with a cryptic domain name such as db049484d0476df65368.auth.us-east-1.amazoncognito.com. This cryptic domain name is not trust-inspiring and prevents the customers from further using the app.

This PR adds support for a custom domain prefix for the Cognito domain in the user pool. Instead of the cryptic domain name, the developer of the Amplify app can provide a domain prefix associated with their own brand.

Although this doesn't resolve https://github.com/aws-amplify/amplify-backend/issues/2350, it can serve as a stopgap solution to make the login domain more trust-inspiring.

Issue number, if available:

Changes

  • Add domainPrefix in the ExternalProviderGeneralFactoryProps type.
  • Add util function translateDomainPrefix in packages/backend-auth/src/translate_auth_props.ts to use custom domain prefix if it is specified. translateDomainPrefix is called in translateToAuthConstructLoginWith.
  • Add unit tests in packages/backend-auth/src/translate_auth_props.test.ts.
  • Adjust generateContainerEntry in packages/backend-auth/src/factory.ts to remove functionality that is already covered by translateDomainPrefix.
  • Fix a variable name typo in packages/backend-auth/src/translate_auth_props.ts.

Corresponding docs PR, if applicable:

Validation

I added unit tests to cover this change. I also tested this change locally with my Amplify app.

Checklist

  • [x] If this PR includes a functional change to the runtime behavior of the code, I have added or updated automated test coverage for this change.
  • [ ] If this PR requires a change to the Project Architecture README, I have included that update in this PR.
  • [ ] If this PR requires a docs update, I have linked to that docs PR above.
  • [ ] If this PR modifies E2E tests, makes changes to resource provisioning, or makes SDK calls, I have run the PR checks with the run-e2e label set.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

mengcao, Nov 23 '25 22:11

🦋 Changeset detected

Latest commit: ec8b461c3a4e5082f4a289dc917add344f8a0ea7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@aws-amplify/backend-auth Patch


changeset-bot[bot], Nov 23 '25 22:11