FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Setting up a FusionAuth ODIC identity provider with Amazon Cognito

    Scheduled Pinned Locked Moved
    General Discussion
    0
    1
    698
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      matth
      last edited by

      I followed these steps to configure a FusionAuth OIDC identity provider to enable Amazon Cognito third-party login:

      Cognito Steps:

      • Choose your desired region (top right)
      • Review default settings if needed
      • Click "Manage User Pools"
      • Click "Create a user pool" or select the desired pool
      • Navigate to "Users and groups"
      • Click "Create User: if none exist (phone number format: +3035553322)
      • Navigate to "App clients"
      • Click "Add an app client"
      • Add the app client name and click "Create app client"
      • Click "Show details" for desired app client to show client id and client secret
      • Navigate to "App client settings"
      • Select user pools to enable
      • Add callback URL(s)
      • Under Allowed OAuth Flows enable "Authorization code grant"
      • Under Allowed OAuth Scopes enable openid
      • Navigate to "Domain name"
      • Add custom domain if desired

      FusionAuth Steps:

      • Navigate to "Settings"
      • Navigate to "Identity Providers"
      • From top right dro-down click "Add OpenId Connect"
      • Add the Client Id from Cognito App client
      • Use HTTP basic authentication
      • Add the Client Secret from Cognito App client
      • Visit https://cognito-idp.[region].amazonaws.com/[userPoolId]/.well-known/openid-configuration for endpoints [replace variables]
        ** If you have a domain set make sure this is reflected in the endpoints
      • Add the Authorization endpoint
      • Add the Token endpoint
      • Add the Userinfo endpoint
      • Add openid to Scope
      • Set the Linking strategy to Link on email. Create the user if they do not exist
      • A lambda is not required but may be used to map attributes from Cognito
      • Enable this identity provider for the desired applications
      1 Reply Last reply Reply Quote 1
      • First post
        Last post