1) Authentication (Cognito Hosted UI)
route: /
Cognito domain
-
Client ID
-
Redirect URI
-
Logout URI
-
Scopes
-
✅ Works without Amplify. Needs: (a) Cognito domain, (b) App client, (c) callback/sign-out URLs, (d) CloudFront SPA routing (403/404 → /index.html).
Auth log will appear here…
3) Tokens & User Claims
-
4) Minimal “Required Setup” Checklist
- Cognito App Client: allowed callback URL = https://ai.safienta.com/callback
- Cognito App Client: allowed sign-out URL = https://ai.safienta.com/
- CloudFront: default root object = index.html
- CloudFront (SPA): 403/404 → /index.html with HTTP 200
- API: configure JWT/Cognito Authorizer and require it on routes
If you use a single domain like ai.safienta.com/api/*, create a CloudFront behavior for /api/* pointing to API Gateway and disable caching.