vouch / vouch-proxy

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module

AWS Cognito support

bnfinet opened this issue · comments

from the #vouch irc channel...

Vouch Proxy is confirmed working with AWS Cognito

oauth.user_info_url must be set with an upper-case I for oauth2/userInfo

oauth:
  provider: oidc
  auth_url: https://YOURDOMAIN.auth.eu-west-2.amazoncognito.com/oauth2/authorize
  token_url: https://YOURDOMAIN.auth.eu-west-2.amazoncognito.com/oauth2/token
  user_info_url: https://YOURDOMAIN.auth.eu-west-2.amazoncognito.com/oauth2/userInfo
  scopes:
    - openid
    - email
    - profile

How should I configure this in the AWS Cognito user pool?

@trulyliu unfortunately I'm only relaying from the IRC channel that AWS Cognito is supported

I wonder if #115 would offer any hint

oauth:
  # Generic OpenID Connect
  provider: oidc
  client_id: your_app_clientid
  client_secret: your_app_client_secret
  auth_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/authorize
  token_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/token
  user_info_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/userInfo
  scopes:
    - openid
    - email
    - profile
  callback_url: https://vouch.yourdomain.com/auth

config in AWS cognito
enable openid, email, and profile in app settings
app client callback url : https://vouch.yourdomain.com/auth,
logout url: https://vouch.yourdomain.com/logout

Beware the domains setting in config.yml;
it should be yourdomain.com.

This setup works for me.
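The pitfalls named in this thread (the case-sensitive /oauth2/userInfo path, the openid scope, and the vouch.domains entry having to cover the host in callback_url) are easy to get wrong by hand. The script below is an added example, not code from vouch-proxy or from anyone in the thread: it reads the small YAML subset that config.yml uses with a hand-written reader so it runs offline (no PyYAML), then reports each of those mistakes. Both sample configs are constructed for the example; the "broken" one has the lower-case userinfo path, no openid scope and a domains entry (example.org) that does not cover vouch.yourdomain.com, and the "working" one is the setup posted above with domains set to yourdomain.com.

```python
"""Check a vouch-proxy config.yml for the Cognito-as-OIDC pitfalls from the thread.

Example code, not part of vouch-proxy. The YAML reader only handles the
subset config.yml uses: nested mappings and '- item' lists, no quoting.
"""
from urllib.parse import urlparse

COGNITO_USERINFO_PATH = "/oauth2/userInfo"   # Cognito is case-sensitive here

# Constructed sample with the mistakes the thread warns about.
BROKEN_CONFIG = """\
vouch:
  domains:
    - example.org
oauth:
  provider: oidc
  client_id: your_app_clientid
  client_secret: your_app_client_secret
  auth_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/authorize
  token_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/token
  user_info_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/userinfo
  scopes:
    - email
    - profile
  callback_url: https://vouch.yourdomain.com/auth
"""

# Constructed sample matching the working setup posted in the thread.
WORKING_CONFIG = """\
vouch:
  domains:
    - yourdomain.com
oauth:
  # Generic OpenID Connect
  provider: oidc
  client_id: your_app_clientid
  client_secret: your_app_client_secret
  auth_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/authorize
  token_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/token
  user_info_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/userInfo
  scopes:
    - openid
    - email
    - profile
  callback_url: https://vouch.yourdomain.com/auth
"""


def parse_simple_yaml(text):
    """Minimal reader for 'key: value', 'key:' + indented mapping, and '- item' lists."""
    lines = [l.rstrip() for l in text.splitlines()]
    root = {}
    stack = [(-1, root)]                      # (indent of the owning key, container)
    for i, line in enumerate(lines):
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if body.startswith("- "):
            while indent < stack[-1][0]:      # items may sit at the key's own indent
                stack.pop()
            if not isinstance(stack[-1][1], list):
                raise ValueError(f"list item outside a list: {body!r}")
            stack[-1][1].append(body[2:].strip())
            continue
        while indent <= stack[-1][0]:         # a key at this indent closes deeper blocks
            stack.pop()
        parent = stack[-1][1]
        key, _, value = body.partition(":")
        key, value = key.strip(), value.strip()
        if value:
            parent[key] = value
            continue
        # 'key:' with no value: peek at the next non-empty line to pick list vs mapping
        nxt = next((l.strip() for l in lines[i + 1:] if l.strip()), "")
        child = [] if nxt.startswith("- ") else {}
        parent[key] = child
        stack.append((indent, child))
    return root


def check_cognito_config(cfg):
    """Return the list of problems found; an empty list means the config passes."""
    problems = []
    oauth = cfg.get("oauth", {})
    if oauth.get("provider") != "oidc":
        problems.append("oauth.provider must be 'oidc' for Cognito")
    hosts = set()
    for key in ("auth_url", "token_url", "user_info_url"):
        url = urlparse(oauth.get(key, ""))
        if url.scheme != "https":
            problems.append(f"oauth.{key} must be an https URL")
        hosts.add(url.netloc)
    if len(hosts) != 1:
        problems.append(f"Cognito endpoints point at different hosts: {sorted(hosts)}")
    path = urlparse(oauth.get("user_info_url", "")).path
    if path != COGNITO_USERINFO_PATH:
        problems.append(f"oauth.user_info_url path is {path!r}; Cognito needs exactly "
                        f"{COGNITO_USERINFO_PATH!r} (upper-case I)")
    if "openid" not in oauth.get("scopes", []):
        problems.append("oauth.scopes must include 'openid' (required for an OIDC id_token)")
    cb_host = urlparse(oauth.get("callback_url", "")).hostname or ""
    domains = cfg.get("vouch", {}).get("domains", [])
    if not any(cb_host == d or cb_host.endswith("." + d) for d in domains):
        problems.append(f"callback_url host {cb_host!r} is not under any vouch.domains entry {domains}")
    return problems


if __name__ == "__main__":
    for name, text in (("broken", BROKEN_CONFIG), ("working", WORKING_CONFIG)):
        found = check_cognito_config(parse_simple_yaml(text))
        print(f"{name}: {'OK' if not found else ''}")
        for p in found:
            print("  -", p)
```

Run it against your own file with `check_cognito_config(parse_simple_yaml(open("config.yml").read()))`; the Cognito app client must also list the same callback_url and logout URL as the thread describes, which this script cannot verify offline.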

Just wanted to respond but I see that you solved it yourself.
That's pretty much as I have it set up as well, good work.