AWS Cognito Multi Tenant

Multi-tenancy (multiple organisations) is a bit awkward with AWS Cognito. The service itself can handle multiple user pools, but that is not something Cognito is advertised for. The front end is a design choice in itself: you either provide a single login page that can sign users into any organisation, or one login page per organisation. For my purpose, with only a limited number of users, I went with a single login page.

Cognito provides a built-in, customisable hosted login UI. I didn't want that, and I found it really time-consuming to make things work from my SPA front end. This time it may be me being the stupid one here.

  1. For multi-tenancy I first ask for the email address.
  2. Each email belongs to a tenant, and each tenant has its user pool id (stored in DynamoDB).
  3. The rest is copied from here: https://stackoverflow.com/questions/49012091/aws-cognito-authorization-code-grant-flow-without-using-the-hosted-ui
  4. Except that it was impossible to make it work from the SPA without CORS headers, so I made a small proxy to pass the traffic to the Cognito endpoints: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html
  5. But in the end I had multi-tenant Cognito user pools with an SPA front end.
