The authentication here is no longer recommended and the newer OAuth2 recommendations are to use both state and client secrets. I have implemented such an authentication here: https://github.com/holy-order-of-the-lambda-cube/CognitoOauth2S3Website
The differences between the two projects are too divergent for a pull request, but the essence of the Lambda@Edge function is similar and I was able to do a client secret directly from Lambda to avoid exposing the secret to the browser.
I can change the licensing if necessary if you would like to adapt my script to include here for a much more secure authentication.