Cognito

Last updated 3 years ago

Was this helpful?

Here are step-by-step directions for configuring Cognito as an identity provider in ConsoleMe:

Under App Clients, click "Add an app client"
We've selected ALLOW_USER_PASSWORD_AUTH, and left the other settings as defaults

Click "Review", give your pool a name if you haven't already, and click "Create Pool".
Go back to "App Integration" -> "App Client Settings", enable "Cognito Identity Pool" as a valid Identity Provider, and configure the following urls under callback urls:

http://localhost:8081/auth, http://localhost:8081/oauth2/idpresponse,http://localhost:3000/auth, http://localhost:3000/oauth2/idpresponse

Under Allowed OAuth flows, select Authorization code grant
Under Allowed OAuth Scopes , select email, openid, and profile.
Create a test user and test group under Users and Groups.
Change other settings as needed to satisfy your security and authorization needs.

oidc_secrets.client_id = Client ID in Cognito (App Clients -> App Client ID)
oidc_secrets.secret = Client Secret in Cognito (App Clients -> App Client Secret)
oidc_secrets.client_scope = List of Scopes granted to the App integration in Cognito. Usually email and openid,
get_user_by_oidc_settings.jwt_groups_key = 'cognito:groups`
get_user_by_oidc_settings.metadata_url = The metadata URL of your Cognito Pool. Usually this is the following (Replace {user_pool_id} with your own pool ID):
get_user_by_oidc_settings.access_token_audience = This must be set to null, because the access token provided by Cognito does not include an audience.

In the consoleme/ui directory, run yarn
Run yarn start to have the frontend served by Yarn on http://localhost:3000. The backend API endpoints will be served by Python (Tornado) on http://localhost:8081.
Run yarn build:prod to build the frontend files and put them in a location for the backend to serve. ConsoleMe will be accessible on http://localhost:8081.

export CONFIG_LOCATION=/location/to/your/config.yaml
python /location/to/consoleme/__main__.py

Visit http://localhost:3000 (if serving via Yarn), or http://localhost:8081 (If you built the frontend files to serve via Tornado) to test.

Last updated 3 years ago

Was this helpful?

Here are step-by-step directions for configuring Cognito as an identity provider in ConsoleMe:

Under App Clients, click "Add an app client"
We've selected ALLOW_USER_PASSWORD_AUTH, and left the other settings as defaults

Click "Review", give your pool a name if you haven't already, and click "Create Pool".
Go back to "App Integration" -> "App Client Settings", enable "Cognito Identity Pool" as a valid Identity Provider, and configure the following urls under callback urls:

http://localhost:8081/auth, http://localhost:8081/oauth2/idpresponse,http://localhost:3000/auth, http://localhost:3000/oauth2/idpresponse

Under Allowed OAuth flows, select Authorization code grant
Under Allowed OAuth Scopes , select email, openid, and profile.
Create a test user and test group under Users and Groups.
Change other settings as needed to satisfy your security and authorization needs.
Make a ConsoleMe configuration. You can do this by copying to a directory of your choice and changing the various values in that file to suit your needs. The key values to change are:

oidc_secrets.client_id = Client ID in Cognito (App Clients -> App Client ID)
oidc_secrets.secret = Client Secret in Cognito (App Clients -> App Client Secret)
oidc_secrets.client_scope = List of Scopes granted to the App integration in Cognito. Usually email and openid,
get_user_by_oidc_settings.jwt_groups_key = 'cognito:groups`
get_user_by_oidc_settings.metadata_url = The metadata URL of your Cognito Pool. Usually this is the following (Replace {user_pool_id} with your own pool ID):
get_user_by_oidc_settings.access_token_audience = This must be set to null, because the access token provided by Cognito does not include an audience.

In the consoleme/ui directory, run yarn
Run yarn start to have the frontend served by Yarn on http://localhost:3000. The backend API endpoints will be served by Python (Tornado) on http://localhost:8081.
Run yarn build:prod to build the frontend files and put them in a location for the backend to serve. ConsoleMe will be accessible on http://localhost:8081.

Start ConsoleMe by setting the CONFIG_LOCATION environment variable and running consoleme/__main__.py with Python in your virtualenv (This was created in the )

export CONFIG_LOCATION=/location/to/your/config.yaml
python /location/to/consoleme/__main__.py

Visit http://localhost:3000 (if serving via Yarn), or http://localhost:8081 (If you built the frontend files to serve via Tornado) to test.