[][src]Crate actix_web_middleware_cognito

Middleware for actix-web that helps you validate Cognito tokens.

Cognito validator

Before setting up the middleware we have to create a CognitoValidator that will be built by receiving some vari ables from the environment:

  • COGNITO_REGION: The region of the Cognito pool.
  • COGNITO_POOLID: The Cognito pool id.
  • COGNITO_CLIENTID: The client id of your app.
  • COGNITO_ENABLED (optional): if not present or 0 no validation will be done.
  • COGNITO_VERIFY_ACCESSTOKEN (optional): if not present or 0 idToken will be validated. If present, the accessToken will be validated instead.


Setting up the middleware:

// builidng the validator in order to be shared between all threads.
let cognito_validator =
    Arc::new(CognitoValidator::create().expect("Error configuring the Cognito validator"));

HttpServer::new(move || {
    // cognito middleware
    let cognito = Cognito::new(cognito_validator.clone());

    // set up the app
        .route("/", web::get().to(index))
.bind(format!("{}", PORT))
.unwrap_or_else(|_| panic!("🔥 Couldn't start the server at port {}", PORT))

Extracting the token from the request

The library provides a CognitoInfo extractor for you to get information about the Cognito token. If the token is invalid or you disable the middleware (by omitting the COGNITO_ENABLED environment variable) you will always get a disabled CognitoInfo, i.e. a CognitoInfo with no token.

async fn index(auth: CognitoInfo) -> impl Responder {
    let msg = format!(
        "User with id {} made this call with token {}",



Middleware to use in your Actix-web services


This extractor will only work if you have enabled the Cognito middleware. It will provide information about the token and the user id


Helper to validate the Cognito token. It relies on environment variables and will check the token against Amazon servers.