How to integrate Appsmith OIDC with Cognito

Seems like someone has been working on this documentation but not sure if it is ready: [Docs]: Add documentation for OIDC integration with AWS Cognito · Issue #15827 · appsmithorg/appsmith · GitHub

Yes. It has already been worked on but is yet to be released.
It should be available in the next 1 or 2 releases.

Tried to do it, but I get redirected to “https://user/login?error=true”, even though authentication is successful by the identity provider. Can’t seem to find what the actual error is there.

Hello Mike! Could you please share a screen recording of the issue? Also, please share a screenshot of your OIDC configuration.

Settings:

The request goes out like this:
https://example.auth.us-west-2.amazoncognito.com/oauth2/authorize?response_type=code&client_id=******************&scope=openid email&state=zwAbkr1Uq6pZhDW2OGSAZaEitQaKqVHWBTpx89mP2iA@origin-/applications&redirect_uri=https://******************/login/oauth2/code/oidc&nonce=EfEo4QkhwKT_M1ofoOrhly3JQzBRm7G9HQYES9sb2xk

The app gets back this:

https://*******************/login/oauth2/code/oidc?code=d3103f3c-a96b-47dc-8a7f-8681afea84c2&state=zwAbkr1Uq6pZhDW2OGSAZaEitQaKqVHWBTpx89mP2iA@origin-/applications

No errors during requests, just a redirect to “https://user/login?error=true”

email is an attribute in the Cognito user pool, and Email is also a scope available to the Cognito App client.

Hello Mike!
Please send us the server logs to help us investigate the issue. You can grab the logs by running docker logs -f appsmith.
Or you could follow the steps from this guide on how to get the logs

Hi Amelia, thank you for the hint about the logs. I forgot that I have access to them.

The issue was trivial: User Info URL Endpoint has an uppercase ‘I’ in ‘oauth2/userInfo’.

It works now.

As a follow-up: can this token be used to sign downstream calls to authenticated APIs?
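Two checks would have caught the problems discussed above before any login attempt: comparing the endpoints typed into the OIDC settings against the provider's discovery document (which is where the `oauth2/userInfo` vs `oauth2/userinfo` case mismatch shows up), and comparing the authorization request with the callback the app received (state round-trip, presence of a code, redirect_uri match). The script below is an added example, not Appsmith's code or anything from the thread; the discovery document, endpoint URLs, client id, state and nonce values are constructed placeholders shaped like the ones in the thread, and the Cognito domain, region and pool id are assumptions.

```python
"""Offline sanity checks for an OIDC client configuration and an
authorization-code callback. Added example; all sample data is constructed."""
from urllib.parse import urlparse, parse_qs

# Constructed: the shape of the document a Cognito user pool publishes at
# https://cognito-idp.<region>.amazonaws.com/<pool-id>/.well-known/openid-configuration
# (pool id, domain and region here are placeholders, not a real pool).
SAMPLE_DISCOVERY = {
    "issuer": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE",
    "authorization_endpoint": "https://example.auth.us-west-2.amazoncognito.com/oauth2/authorize",
    "token_endpoint": "https://example.auth.us-west-2.amazoncognito.com/oauth2/token",
    "userinfo_endpoint": "https://example.auth.us-west-2.amazoncognito.com/oauth2/userInfo",
    "jwks_uri": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE/.well-known/jwks.json",
}

# Constructed: what was typed into the OIDC settings form, reproducing the
# lowercase "userinfo" mistake from the thread.
SAMPLE_CONFIG = {
    "authorization_endpoint": "https://example.auth.us-west-2.amazoncognito.com/oauth2/authorize",
    "token_endpoint": "https://example.auth.us-west-2.amazoncognito.com/oauth2/token",
    "userinfo_endpoint": "https://example.auth.us-west-2.amazoncognito.com/oauth2/userinfo",
    "jwks_uri": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE/.well-known/jwks.json",
}

# Constructed: the authorization request and the callback, with placeholder
# client id, state and nonce (the "@origin-/applications" state suffix is the
# format seen in the thread).
SAMPLE_REQUEST = (
    "https://example.auth.us-west-2.amazoncognito.com/oauth2/authorize"
    "?response_type=code&client_id=CLIENT_ID_PLACEHOLDER&scope=openid email"
    "&state=STATE_PLACEHOLDER@origin-/applications"
    "&redirect_uri=https://app.example.com/login/oauth2/code/oidc&nonce=NONCE_PLACEHOLDER"
)
SAMPLE_CALLBACK = (
    "https://app.example.com/login/oauth2/code/oidc"
    "?code=CODE_PLACEHOLDER&state=STATE_PLACEHOLDER@origin-/applications"
)

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def check_endpoints(configured, discovery):
    """Return a list of problems; an empty list means every configured endpoint
    matches the discovery document exactly. URL paths are case-sensitive, so
    the comparison is exact, but a case-only difference is called out."""
    problems = []
    for key in ENDPOINT_KEYS:
        expected = discovery.get(key)
        actual = configured.get(key)
        if not actual:
            problems.append(f"{key}: not configured")
            continue
        if not actual.startswith("https://"):
            problems.append(f"{key}: must use https")
        if actual != expected:
            hint = " (differs only in letter case)" if actual.lower() == (expected or "").lower() else ""
            problems.append(f"{key}: configured {actual!r}, discovery says {expected!r}{hint}")
    return problems


def check_callback(request_url, callback_url):
    """Compare the authorization request with the callback the app received."""
    req = parse_qs(urlparse(request_url).query)
    cb_parts = urlparse(callback_url)
    cb = parse_qs(cb_parts.query)
    problems = []
    if "error" in cb:
        problems.append(f"provider returned error={cb['error'][0]}")
    if "code" not in cb:
        problems.append("callback carries no authorization code")
    if cb.get("state") != req.get("state"):
        problems.append("state in callback does not match the state that was sent")
    if "nonce" not in req:
        problems.append("request sent no nonce, so the ID token cannot be bound to this login")
    if "openid" not in req.get("scope", [""])[0].split():
        problems.append("scope lacks 'openid', so no ID token will be issued")
    received_at = f"{cb_parts.scheme}://{cb_parts.netloc}{cb_parts.path}"
    if received_at != req.get("redirect_uri", [""])[0]:
        problems.append(f"callback arrived at {received_at!r}, not the registered redirect_uri")
    return problems


if __name__ == "__main__":
    for line in check_endpoints(SAMPLE_CONFIG, SAMPLE_DISCOVERY) or ["endpoints OK"]:
        print(line)
    for line in check_callback(SAMPLE_REQUEST, SAMPLE_CALLBACK) or ["callback OK"]:
        print(line)
```

Run against the constructed data, the endpoint check reports only the userinfo_endpoint case mismatch and the callback check passes; in practice the discovery document is fetched from the issuer's `.well-known/openid-configuration` URL rather than embedded, and the state comparison is the check that stops a forged callback from completing a login.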

Are you looking to access the tokens generated after a user is successfully signed in via SSO? Please check the JWT section in our documentation.