
fastmcp.server.auth.providers.aws

AWS Cognito OAuth provider for FastMCP.

This module provides a complete AWS Cognito OAuth integration that's ready to use with a user pool ID, domain prefix, client ID and client secret. It handles all the complexity of AWS Cognito's OAuth flow, token validation, and user management.

Example:

```python
from fastmcp import FastMCP
from fastmcp.server.auth.providers.aws import AWSCognitoProvider

# Simple AWS Cognito OAuth protection
auth = AWSCognitoProvider(
    user_pool_id="your-user-pool-id",
    aws_region="eu-central-1",
    client_id="your-cognito-client-id",
    client_secret="your-cognito-client-secret"
)

mcp = FastMCP("My Protected Server", auth=auth)
```

Classes

AWSCognitoTokenVerifier <sup><a href="https://github.com/PrefectHQ/fastmcp/blob/main/src/fastmcp/server/auth/providers/aws.py#L40" target="_blank"><Icon icon="github" style="width: 14px; height: 14px;" /></a></sup>

Token verifier for Cognito access tokens.

Cognito access tokens use a client_id claim instead of the standard aud claim. This subclass passes audience=None to the parent (skipping the aud check) and validates the client_id claim directly.

Methods:

verify_token <sup><a href="https://github.com/PrefectHQ/fastmcp/blob/main/src/fastmcp/server/auth/providers/aws.py#L53" target="_blank"><Icon icon="github" style="width: 14px; height: 14px;" /></a></sup>

```python
verify_token(self, token: str) -> AccessToken | None
```

Verify token and filter claims to Cognito-specific subset.
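The claim check described above, sketched as an added example (not FastMCP's own code): with the `aud` check skipped, the `client_id` comparison is what binds an access token to one app client. The function name, sample values and the extra `iss`, `exp` and `token_use` checks are assumptions that go slightly beyond the text; signature verification is assumed to have happened already.

```python
import hmac
import time

# Claims kept after validation; the list follows the page's claim-filtering bullet.
KEPT_CLAIMS = ("sub", "username", "cognito:groups")


def check_cognito_access_claims(claims, *, client_id, issuer, now=None):
    """Return the filtered claims if they describe an access token issued to
    `client_id` by `issuer`, else None. The signature must already be verified."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        return None
    # Cognito ID tokens carry token_use == "id"; only access tokens are accepted.
    if claims.get("token_use") != "access":
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    # With the aud check skipped, this comparison is what ties the token to
    # this app client. A missing or non-string claim is a rejection.
    token_client = claims.get("client_id")
    if not isinstance(token_client, str):
        return None
    if not hmac.compare_digest(token_client.encode(), client_id.encode()):
        return None
    return {k: claims[k] for k in KEPT_CLAIMS if k in claims}


# Constructed sample values (not real pool or client identifiers).
ISSUER = "https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_EXAMPLE"
SAMPLE = {
    "iss": ISSUER, "token_use": "access", "client_id": "example-client-a",
    "sub": "00000000-0000-0000-0000-000000000001", "username": "alice",
    "cognito:groups": ["admins"], "scope": "openid", "exp": 2_000_000_000,
}

if __name__ == "__main__":
    # Token issued to this app client: accepted and filtered.
    print(check_cognito_access_claims(SAMPLE, client_id="example-client-a",
                                      issuer=ISSUER, now=1_900_000_000))
    # Same pool, different app client: rejected.
    print(check_cognito_access_claims(SAMPLE, client_id="example-client-b",
                                      issuer=ISSUER, now=1_900_000_000))
```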

AWSCognitoProvider <sup><a href="https://github.com/PrefectHQ/fastmcp/blob/main/src/fastmcp/server/auth/providers/aws.py#L90" target="_blank"><Icon icon="github" style="width: 14px; height: 14px;" /></a></sup>

Complete AWS Cognito OAuth provider for FastMCP.

This provider makes it trivial to add AWS Cognito OAuth protection to any FastMCP server using OIDC Discovery. Just provide your Cognito User Pool details, client credentials, and a base URL, and you're ready to go.

Features:

  • Automatic OIDC Discovery from AWS Cognito User Pool
  • Automatic JWT token validation via Cognito's public keys
  • Cognito-specific claim filtering (sub, username, cognito:groups)
  • Support for Cognito User Pools

Methods:

get_token_verifier <sup><a href="https://github.com/PrefectHQ/fastmcp/blob/main/src/fastmcp/server/auth/providers/aws.py#L207" target="_blank"><Icon icon="github" style="width: 14px; height: 14px;" /></a></sup>

```python
get_token_verifier(self) -> AWSCognitoTokenVerifier
```

Creates a Cognito-specific token verifier with claim filtering.

Args:

  • algorithm: Optional token verifier algorithm
  • audience: Optional token verifier audience
  • required_scopes: Optional token verifier required_scopes
  • timeout_seconds: HTTP request timeout in seconds