
Documentation on multi domain sign in

Open houmark opened this issue 5 years ago • 4 comments

We have a React app (CRA) where we need to run multiple subdomains.

For example:

signup.domain.com
system.domain.com

We are using Cognito, and have built our own signup/login components that use Auth behind the scenes (we built these because the AWS-built components at the time had some limitations).

I'm struggling to find documentation/examples on how to sign in a user across all subdomains. I've seen cookieStorage mentioned, but I am unsure how to implement it exactly and there seems to be no documentation on how to use this.

Has anyone done this? Any code examples?

Specifically, the user will be on signup.domain.com when signing up. We then do a login behind the scenes once the user has finished signing up and redirect them to system.domain.com. The wish here is to keep the user signed in, no matter what subdomain they are on.

houmark avatar Dec 21 '20 23:12 houmark

Update here. We were able to simply extend our basic Auth.configure with cookieStorage and it seems to work across subdomains without issues. The only thing related to bringing this change to our platform was that all users were logged out as the login tokens are now expected to be in a cookie instead of local storage.

For anyone coming around to this in the future, here's how we did it:

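import { Auth } from 'aws-amplify';
import awsconfig from '../aws-exports';

// IS_LOCALHOST is defined elsewhere in the app (true on localhost or a local IP).
const cookieStorage = {
  // Leading dot: the cookie is shared with every subdomain of ourdomain.com.
  domain: IS_LOCALHOST ? document.location.hostname : '.ourdomain.com',
  secure: !IS_LOCALHOST, // Secure flag is off only for local HTTP development
  path: '/',
  expires: 365, // days
};
Auth.configure({ ...awsconfig, cookieStorage });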

For localhost development, the cookie cannot be secure, as the site runs on HTTP and not HTTPS. Since the domain or IP can change, we set the domain dynamically when in development. IS_LOCALHOST is a check for the domain to be a local IP or localhost.

houmark avatar Dec 24 '20 02:12 houmark
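An added example, not part of the original comments or of Amplify: one way to write the IS_LOCALHOST check and the cookie options from the comment above as a function that also refuses hosts outside the shared parent domain. The names `isLocalHost`, `buildCookieStorage` and `PARENT_DOMAIN` are hypothetical, and treating loopback and RFC 1918 addresses as "local IP" is an assumption.

```javascript
// Added example; all names here are hypothetical, not Amplify APIs.
const PARENT_DOMAIN = 'ourdomain.com'; // placeholder domain used in the thread

// True for localhost, loopback and RFC 1918 private IPv4 addresses (assumed
// meaning of "local IP"). Accepts "[::1]" as document.location.hostname gives it.
function isLocalHost(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, '');
  if (h === 'localhost' || h.endsWith('.localhost') || h === '::1') return true;
  const m = h.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false;
  if (m.slice(1).some((octet) => Number(octet) > 255)) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 127 || a === 10 || (a === 192 && b === 168) ||
    (a === 172 && b >= 16 && b <= 31);
}

// Build the cookieStorage options for the hostname the app is served from.
function buildCookieStorage(hostname, parentDomain = PARENT_DOMAIN) {
  const host = hostname.toLowerCase();
  if (isLocalHost(host)) {
    // Local development over HTTP: host-only scope, Secure flag off.
    return { domain: host, secure: false, path: '/', expires: 365 };
  }
  // Compare on a label boundary so "notourdomain.com" is rejected.
  if (host !== parentDomain && !host.endsWith('.' + parentDomain)) {
    throw new Error(`${host} is not under ${parentDomain}`);
  }
  // The leading dot shares the token cookies with every subdomain, so any
  // site hosted under parentDomain receives them; keep that namespace trusted.
  return { domain: '.' + parentDomain, secure: true, path: '/', expires: 365 };
}

// In the browser:
// Auth.configure({ ...awsconfig,
//   cookieStorage: buildCookieStorage(document.location.hostname) });
```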

We have added redirect URIs to our documentation here:

https://docs.amplify.aws/lib/auth/social/q/platform/js/#:~:text=to%20learn%20more.-,Redirect%20URIs,-For%20Sign%20in

We implemented this same functionality to work in LocalStorage so it's equivalent but a different implementation. If you want to use cookieStorage, you have to configure it to meet your requirements.

We will be updating the documentation site on the sign-in portion to show users how to signin/signup from subdomains.

Thank you!

aws-eddy avatar Oct 22 '21 20:10 aws-eddy

Hey there @houmark,

What version of Amplify was this that you were able to set the cookie storage?

asantos00 avatar Oct 09 '25 12:10 asantos00

This was a long time ago, but I have since updated to the very latest Amplify CLI and also the latest amplify-js packages. So this is possible to make work. You just have to use the correct initialization.

In your App.js (or other main project file):

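import { Amplify } from 'aws-amplify';
import { cognitoUserPoolsTokenProvider } from 'aws-amplify/auth/cognito';
import { CookieStorage } from 'aws-amplify/utils';

Amplify.configure(awsconfig); // awsconfig: the aws-exports import, as in the earlier snippet

// Configure cookieStorage for cross-domain authentication (first.domain.com ↔ second.domain.com)
cognitoUserPoolsTokenProvider.setKeyValueStorage(new CookieStorage(cookieStorage));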

houmark avatar Oct 10 '25 02:10 houmark