Document settings and configuration for OIDC using Cognito as a provider within Sonador
As an identity provider (IdP), AWS Cognito differs in several ways from other systems such as GitLab, Facebook, or Google. For this reason, and because of its central role in the AWS ecosystem, we need documentation covering the setup and configuration of Cognito within Sonador.
Outline for docs:
- (Brief) What is OIDC? How does it work? What is an identity provider?
- Introduce Cognito and explain its role within AWS
- Part 1: Set up a Cognito instance for authentication and authorization
  - How to launch the instance
  - Registering Sonador as an application
  - Obtaining the application client ID and secret
- Part 2: Configure Sonador to use Cognito as an IdP
  - Edit the Cognito provider settings to incorporate the URL for the Cognito instance from part 1
  - Create an "Authentication Server" with the client ID and secret obtained in part 1
  - Copy the redirect URL (available from the admin) to Cognito so it is able to redirect traffic
  - Test integration:
    - it should be possible to log in
    - new accounts should be created for users not registered in the system
    - user details (username, first name, password) should be propagated from Cognito
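The integration test at the end of part 2 needs a concrete check that the ID token Sonador receives really comes from the configured Cognito user pool. The helpers below are an added example written for this outline, not Sonador's own code: they assume the token's signature has already been verified by a JWT library against the pool's JWKS URL, and that region, user pool ID and app client ID are taken from the Cognito provider settings. Values such as `us-east-1_EXAMPLE` are constructed placeholders.

```python
import time


def cognito_endpoints(region, user_pool_id):
    """OIDC endpoints for a Cognito user pool. The issuer format is fixed by
    Cognito; the hosted-UI authorize/token endpoints live on the pool's
    separate Cognito domain and are taken from the discovery document."""
    issuer = f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"
    return {
        "issuer": issuer,
        "discovery": issuer + "/.well-known/openid-configuration",
        "jwks": issuer + "/.well-known/jwks.json",
    }


def validate_id_token_claims(claims, region, user_pool_id, client_id, now=None):
    """Return the problems found in a Cognito ID token's claims (empty list = OK).
    `claims` is the payload a JWT library returns after signature verification."""
    now = time.time() if now is None else now
    expected_iss = cognito_endpoints(region, user_pool_id)["issuer"]
    problems = []
    if claims.get("iss") != expected_iss:
        problems.append("issuer mismatch")
    if claims.get("aud") != client_id:
        problems.append("audience is not this app client")
    # Cognito access tokens carry token_use=access and no aud; only the ID
    # token carries the user attributes Sonador needs.
    if claims.get("token_use") != "id":
        problems.append("not an ID token")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def sonador_user_from_claims(claims):
    """Map Cognito ID-token claims onto the user fields the docs say should be
    propagated (field names on the Sonador side are assumed)."""
    return {
        "username": claims["cognito:username"],
        "email": claims.get("email", ""),
        "first_name": claims.get("given_name", ""),
        "last_name": claims.get("family_name", ""),
    }
```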
Writeup should be put in two places:
- Sonador documentation/environment wiki
- Posted to the Oak-Tree Technologies "Lab Notes" blog