I've been searching for 2 days and I'm still not sure what I'm supposed to do.
What I currently have is an authentication flow which uses php to search a database to validate the correct userID and password from an user.
However I want to alter this authentication to use "Amazon Cognito User Pools", even though there is a PHP SDK this specific feature (still in beta) doesn't seem to exist for it yet. The examples and sdks that this can currently handle are Mobile (iOS, Android) and Web (JavaScript).
So I have to authenticate as if I was doing a web app (with JavaScript).
To do so I thought I had to replace the authentication php file in where it checks the database to use this JavaScript authentication instead.
As far as i know PHP files don't just execute JavaScript in the middle of a script, but instead they render it to the html result webpage, then the client browser can execute them instead. This would weaken the security and also is not what I want.
So my second idea was to make the PHP call a RESTful request to the same server but a different file. Then the file would be a JavaScript function which authenticates and does everything required and returns the result, then the php file would have the result and I can continue with the normal flow.
Now this seems very strange and kind of wrong, because for my server to use JavaScript files that consume RESTful requests it seems I need to install and run node.js as well.
Is this really the correct approach?