Skip to main content
As of April 2023, bulk migration of users from Amazon Web Services (AWS) to Auth0 is not feasible. Auth0 recommends using Automatic Migration, also known as lazy loading, by following the steps below.
  1. Configure a Custom Database in Auth0 and point it to your AWS Cognito user pool.
  2. Set Import Users to Auth0 to True.
  3. Define two scripts: one to get a user and another to login a user.
  4. With the Auth0 get-user and login scripts, use the amazon-cognito-identity-js npm package APK to automatically migrate your users.
Below is example JavaScript code.
get-user.js
/*
    Requires Auth0 Global Variables to be set - https://auth0.com/docs/rules/configure-global-variables-for-rules
    If testing locally (or not wanting to use Auth0 Global Variables):
    const configuration = {
      "accessKeyId": "GQZDJNME56E3AJUBXMFOO",
      "secretAccessKey": "your-cognito-secret-access-key",
      "region": "eu-west-1",
      "UserPoolId": "eu-west-1_V69pvauTp"
    */

    function getUser(username, callback) {
const userParameters =  ["email", "email_verified", "custom:designation"];
const AWS = require('aws-sdk@2.593.0');
AWS.config.update({ "accessKeyId": configuration.accessKeyId, "secretAccessKey": configuration.secretAccessKey, "region": configuration.region });
const cognito = new AWS.CognitoIdentityServiceProvider();

cognito.adminGetUser({
    UserPoolId: configuration.UserPoolId,
    Username: username
}, (err, data) => {
    if (err) {
        console.log(err);
        if (err.code === "UserNotFoundException") return callback(null);
        else callback(err);
    }
    else {
        console.log(data);
        if (data.code === "UserNotFoundException") return callback(null);
        else {
            let profile = {
                "user_id": data.UserAttributes.find(item=>item.Name==="sub").Value,
                "username": data.Username,
            };
            userParameters.forEach(customParameterName => {
                profile[customParameterName] = data.UserAttributes.find(item=>item.Name===customParameterName).Value;
            });
            return callback(null, profile);
        }
    }

});

    }
login.js
/*
    Read StackOverflow article about potential window issue: https://stackoverflow.com/questions/40219518/aws-cognito-unauthenticated-login-error-window-is-not-defined-js

    Requires Auth0 Global Variables to be set - https://auth0.com/docs/rules/configure-global-variables-for-rules

    If testing locally (or not wanting to use Auth0 Global Variables):
    const configuration = {
      "ClientId": "7tY2xt2NHwj3ZWfovz0wHrJ22IDr15XTyVlo08Xx",
      "UserPoolId": "eu-west-1_V69pvauTp"
    */

    function login(username, password, callback) {
global.fetch = require('node-fetch@2.6.0');
var AmazonCognitoIdentity = require('amazon-cognito-identity-js@3.0.14');
var poolData = {
    UserPoolId: configuration.UserPoolId,
    ClientId: configuration.ClientId

};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails({
    Username: username,
    Password: password
});
var userData = {
    Username: username,
    Pool: userPool
};
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        //console.log(result);
        var idTokenPayload = result.getIdToken().payload;
        console.log(idTokenPayload);
        var profile = {
          user_id: idTokenPayload.sub,
          email: idTokenPayload.email,
          /* might want to set this to false if you're not validating email addresses */
          email_verified: true,
        };
        console.log({ result, idTokenPayload, profile });
        callback(null, profile);
    },
    onFailure: (function (err) {
        return callback(new WrongUsernameOrPasswordError(username))
    })
});
    }