It would be convenient to allow Scott Logic users to sign into the deployed application using SSO.
We can provide this as a generic OIDC auth configuration, and as an opt-in service given all the required env vars for federated OIDC auth are found during the CDK Synth process.
See Cognito docs and this Amplify federated sign-in example for more info.
Update
Best laid plans and all that... OIDC did not work on the Azure side, so I opted for tried and tested SAML. Works fine, but I also needed to ditch the custom auth domain ("auth.spylogic.ai") for Cognito. No big deal, just it would be nice to have that for the full-on spylogic.ai effect. I might take another look at using a custom Cognito domain, which originally I couldn't get working due to CORS issues.