MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · dropthejase/louis · this thread

dropthejase rips out the login system and rebuilds it on AWS Cognito

A 25-commit overhaul moves the entire sign-in and account layer from one identity provider to another, with two-factor authentication baked in.

securityinfrastructure

This is the single biggest piece of work in the fork: dropthejase has replaced Supabase (a hosted authentication and database service) with Amazon Cognito, AWS's own user-management system, across the infrastructure, the back end, and the front end. The new setup ships with a stronger password policy and optional time-based two-factor authentication - the six-digit codes from an app like Google Authenticator - so accounts can be locked down harder than before.

The login, signup, and account-deletion flows were all rewritten to match, and deleting an account now cleanly cascades through the user's data. dropthejase is candid that the switch is expensive: anyone adopting it would have to migrate existing users, rewire every place the app checks who you are, and redeploy. If you're happy on Supabase, skip it.

So what Worth a look for teams who need enterprise-grade login security and want their auth living inside AWS rather than a third-party service.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

25 commits from dropthejase/louis, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
0ae592f4 feat(infra): add AuthStack with Identity Pool, Lambda authorizer, per-user S3 policy Jason Lee 2026-05-06 ↗ GitHub
2d294a87 feat(infra): add pre-token-gen Lambda for Cognito role claim injection Jason Lee 2026-05-07 ↗ GitHub
810abdef feat(infra): Cognito User Pool (TOTP MFA, strong passwords, required attrs); native API Gateway Cognito authorizer Jason Lee 2026-05-07 ↗ GitHub
d6dbb5ef chore(infra): delete unused Lambda Token authorizer Jason Lee 2026-05-07 ↗ GitHub
c95ee849 feat(backend): read userId from Cognito authorizer claims instead of Lambda context Jason Lee 2026-05-07 ↗ GitHub
dfd69c1b feat(frontend): Amplify Auth module; update Identity Pool to use Cognito id token Jason Lee 2026-05-08 ↗ GitHub
559f50b7 feat(frontend): rewrite AuthContext and AwsContext to use Amplify Auth instead of supabase.auth Jason Lee 2026-05-08 ↗ GitHub
358951f9 feat(frontend): replace supabase.auth.getSession() with getIdToken() across all callers Jason Lee 2026-05-08 ↗ GitHub
99aa05a4 feat(frontend): signup page with email verification and TOTP MFA setup flow Jason Lee 2026-05-08 ↗ GitHub
67850660 feat(frontend): login page using Amplify signIn Jason Lee 2026-05-08 ↗ GitHub
28290d3c feat(task-13): env vars, replace supabase direct query with backend session-id endpoint Jason Lee 2026-05-08 ↗ GitHub
f99ecb08 docs: update README and ARCHITECTURE for Cognito User Pool auth migration Jason Lee 2026-05-08 ↗ GitHub
396019f8 docs: redraw architecture diagram to show Cognito User Pool, Pre-Token Gen Lambda, Identity Pool Jason Lee 2026-05-08 ↗ GitHub
fe40ca91 feat(auth): post-confirmation and post-deletion lambdas, move supabase secret to AuthStack Jason Lee 2026-05-08 ↗ GitHub
ce910c1e feat: replace Supabase deleteUser with Cognito AdminDeleteUser Jason Lee 2026-05-08 ↗ GitHub 
DELETE /user/account now calls AdminDeleteUserCommand. Lambda role gets
cognito-idp:AdminDeleteUser on the user pool ARN. USER_POOL_ID injected
as Lambda env var from CDK.
5e6962d9 Remove pre-token-gen Lambda (Supabase RLS role claim, unused on Aurora) Jason Lee 2026-05-08 ↗ GitHub
2847ef2b fix(backend): cascade delete user data before Cognito AdminDeleteUser Jason Lee 2026-05-08 ↗ GitHub
30088221 feat(infra): store email in user_profiles on Cognito post-confirmation Jason Lee 2026-05-08 ↗ GitHub
7b649fc4 Remove post-deletion Lambda (redundant - DELETE /user/account already cascades synchronously) Jason Lee 2026-05-08 ↗ GitHub
0a1d1a51 Merge feature/cognito-auth: AWS migration complete (Aurora, AgentCore, Cognito) Jason Lee 2026-05-09 ↗ GitHub
943914bd chore: disable TOTP MFA on Cognito User Pool Jason Lee 2026-05-09 ↗ GitHub
95d538d8 fix: use access token for AgentCore calls (id token missing client_id claim) Jason Lee 2026-05-11 ↗ GitHub
ecc808c6 fix: remove allowedAudience from AgentCore JWT authorizer config Jason Lee 2026-05-11 ↗ GitHub
fdffba97 docs(readme): add MFA configuration note Jason Lee 2026-05-15 ↗ GitHub
7d621a00 feat(auth): enable optional TOTP MFA on Cognito User Pool Jason Lee 2026-05-15 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-336.md from inside the repo you want the changes in.

⬇ Download capture-thread-336.md