SSO configuration using AWS Cognito
Here I will share how to set up SSO (Single Sign-On) using AWS Cognito with a user pool. AWS Cognito is a fully managed service that provides a secure user directory. It also supports social identity federation with providers like Google, Facebook, etc. So basically, if you need a custom login with SSO functionality, AWS Cognito is well suited to the purpose.
Our goal is to create a user pool in Cognito as well as an Angular web application, leverage the Cognito-hosted user login page to authenticate the user, and obtain a bearer token to validate the user.
Let's Begin -
Step 1: Log in to the AWS console, search for Cognito and click it.
Step 2: Select Manage User Pools and then Create a user pool.
Step 3: Create a user pool ('openamuserpool') and click Review defaults.
Step 4: Choose the user name attribute and select Email address or Phone number.
Step 5: Set an application domain name.
Step 6: Click Create pool and save your Client ID and Secret.
Step 7: Set your redirect URL and logout URL. Now you are good to integrate the page in your application.
Create an Angular application with two components, let's say a Home component and a Dashboard component. The Home component will call the login page, validate the user, and redirect to the dashboard page. The dashboard page will have a logout button; clicking it redirects the application to the home page.
To handle the URL redirection, you need to create a resolver that extracts the authorization code from the callback URL and is responsible for calling the OAuth 2 token API to get access_token and refresh_token. The following code is responsible for providing you the code from the redirect URL.
Please note: the code from the redirect URL can be used only once to get access_token and refresh_token.
To fetch the token from Cognito - the following API needs to be called -
API - https://<domain name>.auth.us-east-1.amazoncognito.com/oauth2/token
Get API call syntax -
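The following is an added, framework-agnostic TypeScript example of the two pieces described above (extracting the one-time code from the callback URL, then redeeming it at the /oauth2/token endpoint); it is not the author's GitHub code and uses no Angular APIs, so it can be dropped into a resolver or a plain service. The domain prefix, region, client ID, secret and redirect URI are placeholder assumptions. The `state` check is standard OAuth 2 CSRF protection and is not something the post itself describes; the request format (form-encoded body, `grant_type=authorization_code`, HTTP Basic auth with the client secret when the app client has one) is Cognito's documented token endpoint contract.

```typescript
// Cognito hosted-UI authorization-code flow helpers (added example, not the post's own code).
// Assumed placeholder values: replace with your own pool domain, region and app client settings.
const COGNITO_DOMAIN = "example-domain";   // assumption: your Cognito app domain prefix
const REGION = "us-east-1";
export const TOKEN_ENDPOINT =
  `https://${COGNITO_DOMAIN}.auth.${REGION}.amazoncognito.com/oauth2/token`;

export interface CognitoClientConfig {
  clientId: string;
  clientSecret?: string; // only present if the app client was created with a secret
  redirectUri: string;   // must exactly match the callback URL registered on the app client
}

export interface TokenResponse {
  access_token: string;
  id_token?: string;
  refresh_token?: string;
  token_type: string;
  expires_in: number;
}

export interface TokenRequest {
  url: string;
  method: "POST";
  headers: Record<string, string>;
  body: string;
}

/**
 * Pull the one-time authorization code out of the callback URL.
 * `expectedState` is the random value stored before redirecting to the hosted UI;
 * a mismatch means the code did not originate from this session and is discarded.
 */
export function extractAuthCode(callbackUrl: string, expectedState: string): string {
  const url = new URL(callbackUrl);
  const error = url.searchParams.get("error");
  if (error) {
    throw new Error(`Cognito returned error=${error}`);
  }
  const code = url.searchParams.get("code");
  const state = url.searchParams.get("state");
  if (!code) {
    throw new Error("no authorization code in callback URL");
  }
  if (state !== expectedState) {
    throw new Error("state mismatch on callback; discarding authorization code");
  }
  return code;
}

/** Build the form-encoded POST that redeems the code for access/id/refresh tokens. */
export function buildTokenRequest(cfg: CognitoClientConfig, code: string): TokenRequest {
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    client_id: cfg.clientId,
    code,
    redirect_uri: cfg.redirectUri,
  });
  const headers: Record<string, string> = {
    "Content-Type": "application/x-www-form-urlencoded",
  };
  if (cfg.clientSecret) {
    // Cognito authenticates confidential clients with HTTP Basic (client_id:client_secret).
    headers["Authorization"] = "Basic " + btoa(`${cfg.clientId}:${cfg.clientSecret}`);
  }
  return { url: TOKEN_ENDPOINT, method: "POST", headers, body: body.toString() };
}

/** Same endpoint, grant_type=refresh_token, used once the access token expires. */
export function buildRefreshRequest(cfg: CognitoClientConfig, refreshToken: string): TokenRequest {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    client_id: cfg.clientId,
    refresh_token: refreshToken,
  });
  const headers: Record<string, string> = {
    "Content-Type": "application/x-www-form-urlencoded",
  };
  if (cfg.clientSecret) {
    headers["Authorization"] = "Basic " + btoa(`${cfg.clientId}:${cfg.clientSecret}`);
  }
  return { url: TOKEN_ENDPOINT, method: "POST", headers, body: body.toString() };
}

// Minimal HTTP shape so the transport (fetch, Angular HttpClient wrapper, a test stub) is injectable.
export type HttpPost = (
  url: string,
  init: { method: string; headers: Record<string, string>; body: string },
) => Promise<{ ok: boolean; status: number; json(): Promise<unknown> }>;

/** Redeem the code. Throws on a non-2xx response so a stale or reused code is never treated as a login. */
export async function exchangeCode(
  cfg: CognitoClientConfig,
  code: string,
  post: HttpPost,
): Promise<TokenResponse> {
  const req = buildTokenRequest(cfg, code);
  const res = await post(req.url, req);
  if (!res.ok) {
    throw new Error(`token endpoint returned HTTP ${res.status}`);
  }
  return (await res.json()) as TokenResponse;
}
```

In the Angular resolver you would read `window.location.href`, call `extractAuthCode` with the `state` you stored in session storage before the redirect, and pass `fetch` (or a thin wrapper over HttpClient) as the `post` argument. One thing to decide up front: an app client secret embedded in a browser bundle is not confidential, so a single-page application should normally use an app client created without a secret (the `Authorization` header is then omitted automatically), keeping the secret-bearing configuration for server-side callers.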
You can check the sample code on GitHub.
In the next blog I will demonstrate how we can integrate SSO using OpenAM ForgeRock as an IdP with a SAML assertion.
- Lazy Panda