Cognito Multi-Region Auth Demo

A tiny static page for demonstrating Amazon Cognito User Pool multi-Region authentication failover with Hosted UI and OAuth authorization code flow with PKCE.

1. Demo configuration

Use the Cognito custom domain for the real failover demo. Use the primary or secondary prefix domain only for manual comparison testing.

2. Authentication

The sign-in button redirects to Cognito Hosted UI with PKCE. The same static page handles the callback and exchanges the code for tokens.

Not signed in

3. What to say during the demo

  1. Show the configured custom domain. This is the stable entry point the app uses.
  2. Sign in while the primary Region is healthy.
  3. Show the ID token claims and issuer.
  4. Flip the Route 53 health check / failover control to unhealthy.
  5. Sign out, then sign in again through the same custom domain.
  6. Show that sign-in still works, while the application did not change its auth domain.
  7. Try or describe write flows such as sign-up or password reset as degraded during failover.
  8. Restore health and sign in again to show failback.

4. Current token summary

No token yet

The most useful claims for the platform demo are iss, sub, email, token_use, auth_time, iat, and exp.

Decoded ID token claims

No ID token yet.

Decoded access token claims

No access token yet.

Raw operational details

Ready.