Cognito Steps:
Choose Region (top right)
Review Defaults
Create User Pool
Users and groups
Create User (phone number format: +303......)
App clients
Add an app client
Create app client
Show details (shows client id and client secret)
App client settings
Enable Identity Provider
Callback URL (local.fusionauth.io/oauth/callback?)
Allowed OAuth Flows (code grant)
Allowed OAuth Scopes (openid)
Domain Name
Create domain
FusionAuth Steps:
Settings
Identity Providers
Add OIDC IdP
Client Id From Cognito App client
HTTP basic authentication
Client Secret from Cognito App client
Visit https://cognito-idp.[region].amazonaws.com/[userPoolId]/.well-known/openid-configuration for endpoints (replace variables). If you have a domain set, make sure it is reflected in the endpoints; there may be some lag.
Authorization endpoint
Token Endpoint
Userinfo endpoint
Scope = openid
Linking strategy -> link on email. Create the user if they do not exist
No lambda
Enable for applications
See @matt1hathcock for more details when we get around to doing this.
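A way to check the discovery document before copying its endpoints into the FusionAuth OIDC form, as an added example that is not part of the original notes. The pool id, domain prefix and the shape of the sample document are constructed placeholders, and `fusionauth_fields` is a hypothetical helper name.

```python
import json
from urllib.parse import urlsplit

# FusionAuth form label -> key in the OIDC discovery document
FIELDS = {"Authorization endpoint": "authorization_endpoint",
          "Token endpoint": "token_endpoint",
          "Userinfo endpoint": "userinfo_endpoint"}

# Constructed sample document (placeholder pool id and domain prefix, not real values)
SAMPLE = json.dumps({
    "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
    "authorization_endpoint": "https://example-prefix.auth.us-east-1.amazoncognito.com/oauth2/authorize",
    "token_endpoint": "https://example-prefix.auth.us-east-1.amazoncognito.com/oauth2/token",
    "userinfo_endpoint": "https://example-prefix.auth.us-east-1.amazoncognito.com/oauth2/userInfo",
    "scopes_supported": ["openid", "email", "phone", "profile"],
    "response_types_supported": ["code", "token"],
})

def issuer_url(region, user_pool_id):
    return f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"

def discovery_url(region, user_pool_id):
    # The URL from the notes with [region] and [userPoolId] filled in
    return issuer_url(region, user_pool_id) + "/.well-known/openid-configuration"

def fusionauth_fields(doc_text, region, user_pool_id, expected_host):
    """Return (values for the FusionAuth form, list of problems found)."""
    doc = json.loads(doc_text)
    problems = []
    if doc.get("issuer") != issuer_url(region, user_pool_id):
        problems.append("issuer does not match this region/user pool")
    fields = {}
    for label, key in FIELDS.items():
        url = doc.get(key, "")
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{key}: missing or not https")
        elif parts.hostname != expected_host:
            # Typical while a newly created domain has not propagated yet
            problems.append(f"{key}: host {parts.hostname} != {expected_host}")
        fields[label] = url
    if "openid" not in doc.get("scopes_supported", []):
        problems.append("openid scope not advertised")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("code grant not advertised")
    return fields, problems
```

Fetch the live document from `discovery_url(...)` and pass its body in place of `SAMPLE`; an empty problem list means the three endpoints can be pasted into the form as returned.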