Cognito

This section shows how to create an app client in the Cognito console. Registering the application gives us the following values, which are needed later for configuration in the Datawiza Cloud Management Console (DCMC):

  • Client ID
  • Client Secret
  • Issuer
  • Domain

Create a User Pool

  1. Log in to your AWS Console account. Search for Cognito in the search bar.

  2. Click Create a user pool.

  3. Check username and email, and then click Next.

  4. To proceed, verify that Authentication Apps is selected as your MFA method. If you are only testing, you may choose No MFA. Ensure that all settings are left as their defaults, and then click Next.

  5. If you want the Datawiza Access Proxy to pass more attributes, select the additional attributes here, and then click Next.

  6. Choose Send email with Cognito, and then click Next.

  7. Input the User pool name.

  8. Choose Confidential client as the app type, input the App client name, and then click Next.

  9. Review all your settings and click Create user pool.

You have now successfully created the app client. Note down the Pool ID.

The Issuer we require has the form https://cognito-idp.${AWS-REGION}.amazonaws.com/${Pool_ID}. For example, it is https://cognito-idp.us-west-1.amazonaws.com/us-west-1_JnFFmhMb5 for our test app client.

Click the App Integrated tab and scroll down to the bottom of the page. Click the client app you just created.

Note down the App client id and App client secret.

Click Edit Hosted UI. Input the Callback URL(s), which should be http://localhost:9772/datawiza/authorization-code/callback, and choose Cognito user pool for Identity Providers. For OAuth 2.0 grant types, select Authorization code grant. For OpenID Connect scopes, select Email, openid, and Profile. Then click Save changes.

Select Domain, input the Domain prefix, and note down the whole domain. This is the Domain we require.

User and Groups

User

  1. Select Users and Groups, then click Create User. Input the basic information, then click Create User.

Groups (Optional)

  1. Select the Groups tab and click Create group. Input the basic information, then click Create group.

  2. Click the group we just created, then click Add user to group. Add the user.

Summary

We have shown how to register an app client on Cognito. Make sure to save the following values for later configuration in the Datawiza Cloud Management Console.

  • Client ID
  • Client Secret
  • Issuer
  • Domain
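
An offline check of the noted values before they go into DCMC, as an added example (not Datawiza's or AWS's code): it rebuilds the Issuer from the Pool ID and checks the Domain and Callback URL against it. The function names are hypothetical, and the Domain check assumes a Cognito-hosted prefix domain of the form <prefix>.auth.<region>.amazoncognito.com.

```python
import re
from urllib.parse import urlsplit

# Pool IDs look like "<region>_<suffix>", e.g. the page's us-west-1_JnFFmhMb5.
POOL_ID_RE = re.compile(r"^([a-z]{2}(?:-[a-z]+)+-\d)_([0-9A-Za-z]+)$")


def issuer_for(pool_id):
    """Build the Issuer URL from a Pool ID; the region is the Pool ID prefix."""
    m = POOL_ID_RE.match(pool_id)
    if not m:
        raise ValueError(f"not a Cognito Pool ID: {pool_id!r}")
    return f"https://cognito-idp.{m.group(1)}.amazonaws.com/{pool_id}"


def check_values(pool_id, issuer, domain, callback):
    """Return a list of problems found in the values noted from the console."""
    problems = []
    expected = issuer_for(pool_id)
    if issuer != expected:
        # OIDC compares the issuer as an exact string: a trailing slash or
        # another region's endpoint makes token validation fail.
        problems.append(f"issuer should be exactly {expected}")
    region = pool_id.split("_", 1)[0]
    d = urlsplit(domain if "://" in domain else "https://" + domain)
    host = d.hostname or ""
    if d.scheme != "https":
        problems.append("domain must use https")
    if host.endswith(".amazoncognito.com") and not host.endswith(
            f".auth.{region}.amazoncognito.com"):
        problems.append(f"domain is not in the pool's region ({region})")
    cb = urlsplit(callback)
    # Cognito accepts plain http callbacks only for localhost (testing).
    if cb.scheme != "https" and not (cb.scheme == "http" and cb.hostname == "localhost"):
        problems.append("callback must be https (http is only accepted for localhost)")
    if cb.fragment:
        problems.append("callback must not contain a fragment")
    return problems


if __name__ == "__main__":
    # Pool ID and callback are the page's examples; the domain prefix is constructed.
    print(check_values(
        "us-west-1_JnFFmhMb5",
        "https://cognito-idp.us-west-1.amazonaws.com/us-west-1_JnFFmhMb5/",
        "example-prefix.auth.us-west-1.amazoncognito.com",
        "http://localhost:9772/datawiza/authorization-code/callback"))
```

When the proxy is deployed beyond local testing, the callback registered in Cognito has to change from the localhost URL to the HTTPS address of the deployed proxy, and the same check applies to it.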
