Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

Support for SSO via AWS Cognito JWT Method #5294

Open ecapuano opened 5 years ago

ecapuano commented 5 years ago

Might be the wrong place to make such a request, but due to the lack of SAML/SSO/MFA, etc., it would be ideal to be able to leverage existing authentication gateways such as Cognito. The existing SSO plugin only supports simpler HTTP header methods.

Possible Solution

Great articles below:
https://www.stackery.io/blog/authentication-aws-cognito/
https://github.com/awslabs/aws-support-tools/tree/master/Cognito/decode-verify-jwt
https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-id-token

Feel free to discard if out of scope for this repo.

Akrugerus commented 3 years ago

Support for AWS Cognito would be possible by implementing a reverse proxy like nginx to handle authentication, but due to the reaction to 9714, this implementation would be incomplete because of the inability to provision users from the Cognito user pool. Having to manually provision users sort of defeats the purpose of implementing Cognito, as you wouldn't be able to trust an audit of your Cognito policies to be accurate in regard to Graylog.