FusionAuth / fusionauth-site

Website and documentation for FusionAuth
https://fusionauth.io

Document setting up cognito as an OIDC provider #944

Closed mooreds closed 1 year ago

mooreds commented 2 years ago

Cognito IdP Setup:

Cognito Steps:

- Choose Region (top right)
- Review Defaults
- Create User Pool
- Users and groups
  - Create User (phone number format: +303......)
- App clients
  - Add an app client
  - Create app client
  - Show details (shows client id and client secret)
- App client settings
  - Enable Identity Provider
  - Callback URL (local.fusionauth.io/oauth/callback?)
  - Allowed OAuth Flows (code grant)
  - Allowed OAuth Scopes (openid)
- Domain Name
  - Create domain

FusionAuth Steps:

- Settings
- Identity Providers
- Add OIDC IdP
- Client Id From Cognito App client
- HTTP basic authentication
- Client Secret from Cognito App client
- Visit https://cognito-idp.[region].amazonaws.com/[userPoolId]/.well-known/openid-configuration for endpoints (replace variables)
  - If you have a domain set, make sure this is reflected in the endpoints; there may be some lag
  - Authorization endpoint
  - Token Endpoint
  - Userinfo endpoint
- Scope = openid
- Linking strategy -> link on email. Create the user if they do not exist
- No lambda
- Enable for applications

See @matt1hathcock for more details when we get around to doing this.
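The discovery step in the comment above can be checked before the endpoints are pasted into FusionAuth. The following is an added example, not code from this issue or from FusionAuth; the function names are hypothetical and the discovery document, region, pool id and domain are constructed placeholders. It confirms the issuer belongs to the intended user pool, that the code grant, `openid` scope and HTTP basic client authentication are advertised, and that the three endpoints already reflect the configured domain.

```python
import json
from urllib.parse import urlsplit

# Constructed sample discovery document; region, pool id and domain are placeholders.
SAMPLE_DOC = json.loads("""{
  "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
  "authorization_endpoint": "https://example-pool.auth.us-east-1.amazoncognito.com/oauth2/authorize",
  "token_endpoint": "https://example-pool.auth.us-east-1.amazoncognito.com/oauth2/token",
  "userinfo_endpoint": "https://example-pool.auth.us-east-1.amazoncognito.com/oauth2/userInfo",
  "response_types_supported": ["code", "token"],
  "scopes_supported": ["openid", "email", "phone", "profile"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
}""")

def discovery_url(region, user_pool_id):
    """Fill in the [region] and [userPoolId] variables of the discovery URL."""
    return (f"https://cognito-idp.{region}.amazonaws.com/"
            f"{user_pool_id}/.well-known/openid-configuration")

def fusionauth_fields(doc, region, user_pool_id, expected_host=None):
    """Validate a discovery document and return the endpoints to enter in FusionAuth."""
    issuer = discovery_url(region, user_pool_id).rsplit("/.well-known/", 1)[0]
    if doc.get("issuer") != issuer:
        raise ValueError("issuer does not match the requested user pool")
    # Settings chosen in the steps: code grant, openid scope, HTTP basic auth.
    required = {
        "response_types_supported": "code",
        "scopes_supported": "openid",
        "token_endpoint_auth_methods_supported": "client_secret_basic",
    }
    for key, value in required.items():
        if value not in doc.get(key, []):
            raise ValueError(f"{value!r} missing from {key}")
    fields = {}
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint"):
        parts = urlsplit(doc.get(key) or "")
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"{key} is not an https URL")
        # A new domain may lag; refuse endpoints that still show another host.
        if expected_host and parts.hostname != expected_host:
            raise ValueError(f"{key} does not reflect domain {expected_host}")
        fields[key] = doc[key]
    return fields

if __name__ == "__main__":
    result = fusionauth_fields(SAMPLE_DOC, "us-east-1", "us-east-1_EXAMPLE")
    for name, url in result.items():
        print(f"{name}: {url}")
```
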

mooreds commented 1 year ago

This is done.

mooreds commented 1 year ago

https://fusionauth.io/docs/v1/tech/identity-providers/openid-connect/cognito