AWS Cognito AS OAuth Provider – Cloud OAuth


Part 2: Setup miniOrange with AWS Cognito


Step 1. Configure miniOrange as SP in AWS Cognito


    Obtain the following steps to get callback url.

  • Go to miniOrange Admin Console.
  • From the left navigation bar select Identity Provider. Then, click on Add Identity Provider button.
  • azure ad oauth Apps
  • You will get the callback URL here, keep it handy this would be required in next steps.
  • azure ad oauth Apps
  • Sign in to AWS Amazon.
  • Now enter “Cognito” in search textbox & select Cognito from dropdown.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Cognito
  • Go to “Manage your user pools”.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Manage user pools
  • Click on “Create a user pool”.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Create a user pool
  • Add pool name and select “Review Defaults”.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Review Defaults
  • Click on “Add app client” & then click on Add an app client.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Add app client
  • Enter App client name & then Click on “Create app client”.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Create app client
  • Click on Return to pool details. After this click on “Create Pool”.
  • Navigate to App client settings.
  • Now go to the Cognito dashboard and select “Cognito User Pool”, add callback URL here.
  • Add application home page URL has to Sign out URL.
  • Also, select Authorization code grant as “Allowed OAuth Flows” & select OpenID as “Allowed OAuth Scopes”.
  • After selecting all details click on Save changes button.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Save changes
  • Go to “App client” and click on “Show details” to get a client ID and client secret. (Keep client ID and client secret handy as you will need it later.)

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login App client
  • Go to domain name and enter a domain name for your app. After adding domain name you can check its availability by clicking on “Check availability” button. After entering valid domain name click ”Save changes” button.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login domain name
  • Complete domain name: The complete domain name that you need to enter in miniOrange dashboard is {your domain name}.auth.{region name}.amazoncognito.com
  • Add Users / Groups to Cognito App : Go to Users and groups and then click on Users. After this click on Create user.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Add Users / Groups
  • Fill all required informations and click on Create user.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Create user
  • Click on Groups and then click on Create group.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Groups
  • Fill all required informations and click on Create group.

  • OAuth/OpenID/OIDC Single Sign On (SSO), AWS cognito SSO Login Create group

Step 2. Configure AWS Cognito in miniOrange.

  • Go to miniOrange Admin Console.
  • From the left navigation bar select Identity Provider. Then, click on Add Identity Provider button.
  • azure ad saml Apps
  • Select OAuth
  • azure ad oauth Apps
  • Enter the following values.
  • IdP Name Custom Provider
    IdP Display Name Choose appropriate Name
    OAuth Authorize Endpoint https://{cognito-app-domain}/oauth2/authorize
    OAuth Access Token Endpoint https://{cognito-app-domain}/oauth2/token
    OAuth Get User Info Endpoint (optional) https://{cognito-app-domain}/oauth2/userInfo
    Client ID This value can be obtained from the above steps
    Client secret This value can be obtained from the above steps
    Scope openid
  • Now you can click on Save.

Step 3. Test connection between miniOrange and AWS Cognito

  • Go to the miniOrange Admin Dashboard.
  • Go to Identity Providers tab. Then click on select button under the app you just created. Then click on Test Connection.
  • A new popup login window will open. Enter your credentials and login.
  • Atlassian Access Cloud SSO (Single Sign-On) Add Member
  • Now you will see TEST SUCCESSFUL in a new popup window. If not, then check if you have missed any of the above step.