AWS: Configuring Cognito User pool + Federated Identity (Okta)
In the previous article, we set up an Angular front end using Amplify. Now we will configure Cognito.
Objective:
- Enable Login with hosted UI
- Enable Login with Federated Identity
Setting Cognito User Pool
1. Cognito Attributes
2. App Client (create without a client secret)
3. App Client for User Pool
4. Domain Name (you can select your own domain name)
These details are enough to enable User Pool login in Amazon Cognito.
Setting Federated Identity (Okta)
Okta is an IdP similar to Cognito. We are going to integrate Okta with Cognito using User Pool Federated Identity.
Okta Setup
1. Create an App for Cognito
2. Configure the following details in General Settings
3. Under the Sign On tab, note down the Issuer URL
4. Assign users to the application
Note: Cognito to Okta is a service-to-service authentication, so we don't enable the PKCE flow in Okta.
You have completed the Okta Setup.
AWS Cognito Federation for Okta
1. Under Identity Providers, configure Okta as an OpenID Connect provider
2. Add the identity provider in App Client Settings
3. We can test whether everything is working using Postman with the following settings:
- Grant Type: Authorization Code
- Callback URL: the callback URL set in Cognito
- Auth URL: https://<domain>.auth.us-east-1.amazoncognito.com/oauth2/authorize
- Access Token URL: https://<domain>.auth.us-east-1.amazoncognito.com/oauth2/token
- Client ID: paste from Cognito
- Client Secret: paste from Cognito (if one was created)
- Scope: the scopes selected in Cognito
When you click “Request Access Token”, you will be redirected to the login page. After signing in, you will receive the access token and identity token.
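The same Authorization Code exchange that the Postman test performs, written as Python helpers. This is an added example, not code from the article: it builds the /oauth2/authorize URL against the Cognito hosted UI domain (with Cognito's optional `identity_provider` parameter for sending the browser straight to Okta), checks the `state` value on the callback before trusting the code, and builds the /oauth2/token request for both a public app client (no secret, as created above) and one with a secret. The domain, region, client ID, redirect URI and code values are constructed placeholders.

```python
import base64
from urllib.parse import urlencode, urlparse, parse_qs

# All domain, client and redirect values passed in are constructed placeholders,
# not values from the article; substitute the ones from your own Cognito app client.

def cognito_base(domain: str, region: str) -> str:
    """Hosted UI base URL, the same host as the Auth and Access Token URLs used in Postman."""
    return f"https://{domain}.auth.{region}.amazoncognito.com"

def build_authorize_url(domain, region, client_id, redirect_uri, scopes, state,
                        identity_provider=None):
    """Build the /oauth2/authorize request for the Authorization Code grant.
    `state` is an unguessable per-login value that Cognito echoes back; the callback
    handler must reject any response whose state does not match (CSRF protection).
    `identity_provider` is Cognito's optional parameter that skips the hosted UI and
    sends the browser straight to the named federated IdP (the custom IdP redirect)."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    }
    if identity_provider:
        params["identity_provider"] = identity_provider
    return f"{cognito_base(domain, region)}/oauth2/authorize?{urlencode(params)}"

def check_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect back from Cognito and return the authorization code."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discard this response")
    if "code" not in qs:
        raise ValueError("authorization failed: " + qs.get("error", ["unknown"])[0])
    return qs["code"][0]

def build_token_request(domain, region, client_id, redirect_uri, code, client_secret=None):
    """Return (url, headers, form_body) for the code exchange at /oauth2/token.
    An app client created with a secret authenticates with HTTP Basic (client_id:secret);
    a public client created without one, as in this article, sends client_id in the body."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    if client_secret:
        creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        headers["Authorization"] = f"Basic {creds}"
    else:
        body["client_id"] = client_id
    return f"{cognito_base(domain, region)}/oauth2/token", headers, urlencode(body)
```

POST the returned body to the returned URL with the returned headers; the JSON response carries the access, identity and refresh tokens that Postman displays.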
We have now completed configuring Cognito for User Pool & Federated Identity.
Notes:
1. In Angular, you can redirect directly to the Okta UI by specifying a custom IdP.
2. When we select User Pool Federated Identity, a user is created inside the Cognito User Pool after the user logs in through the federated identity.
3. Similarly, a group is associated with that user.
In the next tutorial, we will integrate this IdP with a Spring Boot resource server.
Found it interesting?
Please show your support by 👏.