Amazon Cognito

​

Prerequisites

• Access to set up a new Amazon Cognito application in your AWS account.

​

Create an OIDC application

1. Navigate to Amazon Cognito service page, then select Set up your application.
2. Configure the application by filling out the form:
   • Application type: Traditional web application
   • Name: Ona
   • Options for sign-in identifiers:
     • Email
   • Required attributes for sign-up:
     • email
     • name
   • Return URL: https://app.gitpod.io/auth/oidc/callback
   Click the Create button

3. Obtain Client ID, Client Secret from the Overview page Upon creation of the application, you will be redirected to the then created user pool. Learn more about Amazon Cognito user pools.
   • Feel free to rename the user pool before proceeding!
   • Obtain Issuer URL
     • You’ll find the User pool ID here
     • The pattern for the Issuer URL is: https://cognito-idp.<awsregion>.amazonaws.com/<user-pool-id>
     • Verify to use the correct URL by opening the OIDC Discovery location <Issuer URL>/.well-known/openid-configuration in your browser, i.e. open https://cognito-idp.<awsregion>.amazonaws.com/<user-pool-id>/.well-known/openid-configuration.
   • Then navigate to Applications > App clients > Ona to find the details of the newly created application, and copy the information you’ll need in Ona:
     • Client ID
     • Client secret

4. Configure OIDC Scopes The default selection of OIDC scopes in Amazon Cognito doesn’t meet the requirements for Ona. Please navigate to App client > Login pages > Edit to make the necessary changes.

• Ensure the Profile scope is selected here:

5. Adjust Sign-up settings to your needs
   • Disable Self-registration if you want to limit access to your application.
   • With Sign-up disabled, you may need to manage users under User management manually.

6. Continue with the SSO configuration in Ona: Clicking Save & Test