AWS Cognito Service in Asp.net Core 3.1 Application


AWS Cognito is the user management and authentication product of Amazon's cloud. It provides pluggable login functionality for any type of application. It also lets users sign in through external federated identity providers such as Facebook, Google, Login with Amazon, Sign in with Apple, etc.

Advantages of this service:
1. We don’t have to write code for user management functionality.
2. Free for the first 50,000 monthly active users.
3. It provides centralized authentication.

What are the steps to set up this service?

1. Create a User Pool on Amazon web site

2. Create an App Client

3. Go to the domain and give some domain name

4. Go to App clients under General settings and create it like this.
You will get the client ID and app client secret, which are required in the code configuration.

5. Go to the App client settings and configure them for localhost demo testing like this

6. Click on Launch Hosted UI to test the configuration

7. You will get the popup like this

8. Now we can easily integrate this service into an ASP.NET Core MVC application or Web API like this
First create the ASP.NET Core MVC application and install this NuGet package

9. Go to the application's Startup class and write the code like this

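    // At the top of Startup.cs:
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();

        // The cookie scheme keeps the local session; unauthenticated requests
        // are challenged through OpenID Connect (the Cognito hosted UI).
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            // Authorization code flow
            options.ResponseType = "code";
            // Discovery document of the user pool (format explained below)
            options.MetadataAddress = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_MlmldxYuh/.well-known/openid-configuration";
            // Demo values from the app client created in step 4. Outside a demo,
            // load the client secret from configuration or a secret store
            // instead of committing it to source control.
            options.ClientId = "1l4gbb56bdjs4h91iejj0pcvc";
            options.ClientSecret = "18rjdld2hr59ca20115r7008iiacis9cco3fujsij50mlaln4t8";
        });
    }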

In the above configuration, the metadata URL has to be in this format

https://cognito-idp.region.amazonaws.com/userPoolId/.well-known/openid-configuration

In the image below, from General settings, we get the region and userPoolId.

10. Now run the application and you will get the login page like this

11. Create the profile and log in to the application; in AWS you will get the profile like this
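
The step 9 configuration again, as an added example that is not the author's code: the region, user pool ID, client ID and client secret are read from configuration instead of being written into Startup.cs, the metadata URL is built in the format shown above, and the callback path and middleware order are written out explicitly. The `Cognito:*` configuration keys are assumed names; supply them through user-secrets or environment variables.

```csharp
// Added example, not the original author's code.
// The "Cognito:*" configuration keys are assumed names, not part of any AWS or ASP.NET API.
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;
    // A missing setting stops the application at startup instead of at the first login.
    private string Require(string key) =>
        _config[key] ?? throw new InvalidOperationException($"Missing setting {key}");

    public void ConfigureServices(IServiceCollection services)
    {
        string region = Require("Cognito:Region"), poolId = Require("Cognito:UserPoolId");
        string clientId = Require("Cognito:ClientId"), clientSecret = Require("Cognito:ClientSecret");
        services.AddControllersWithViews();
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.ResponseType = "code";
            options.MetadataAddress =
                $"https://cognito-idp.{region}.amazonaws.com/{poolId}/.well-known/openid-configuration";
            options.ClientId = clientId;
            options.ClientSecret = clientSecret;   // never committed to source control
            // This is the default value, written out: the callback URL registered on the
            // Cognito app client must be https://<host>/signin-oidc, otherwise Cognito
            // rejects the login with redirect_mismatch.
            options.CallbackPath = "/signin-oidc";
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();   // handles /signin-oidc; must run before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```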

10 thoughts on “AWS Cognito Service in Asp.net Core 3.1 Application”

  1. Peter G Charij February 12, 2020 / 12:04 am

    Hi Chandra, thanks for the tutorial, seems very useful!

    I’ve followed the steps you’ve laid out, but my application is getting blocked with a Cognito “redirect_mismatch” error, when it tries to authenticate.

    Do you have any ideas on what further steps are needed to resolve this?

    • Tom April 13, 2020 / 8:59 am

      Hi Peter, having the same issue,
      Have you ever solved it?

      • Suraj Singh June 26, 2020 / 7:25 am

        Hi Pete and Tom,
        I am also getting the same issue. Any luck on this?

  2. Chandradev February 12, 2020 / 4:54 pm

    It looks like you have missed some steps of the configuration. To validate your configuration, there is an option to test it, which I have given in step 6 of my tutorial.

    • William January 17, 2021 / 10:55 pm

      Never bothered to click on “Launch Hosted UI”. Doing so quickly helped to identify a few incorrect settings. As it turned out, my AWS Console session timed out, but there was no indication that happened despite the numerous changes and SAVEs I was making to the App client settings.

  3. Graham May 26, 2020 / 3:47 pm

    I had the same issue, problem was I had not included the correct redirect:

    I was using “https://localhost:44341”

    When I should have been using “https://localhost:44341/signin-oidc”

    Also needed to include “app.UseAuthentication();” in StartUp -> Configure() to handle that redirect.

    And the UseAuthentication() needed to be before UseAuthorization() or it caused a redirect loop.

    • Parag February 1, 2021 / 8:34 am

      Graham, you are a life saver. I spent close to 2 days trying to figure out why the API would throw 401 even when I was passing the correct token, and it turned out to be your last line. Indeed I had UseAuthorization() before UseAuthentication().

  4. suraj June 26, 2020 / 7:11 am

    Hi All,
    I am getting the redirect_mismatch issue. Has anyone faced the same and figured out what could be the cause for this?
    Thanks

    • Vlad July 9, 2020 / 4:49 am

      See above: if you debug in DevConsole you see it adds /signin-oidc so change your path in Cognito itself to: smth/signin-oidc

      I was using “https://localhost:44341”

      When I should have been using “https://localhost:44341/signin-oidc”

      • Martin August 22, 2020 / 1:57 pm

        How did you handle the logout? I am having issues configuring it
