Skip to content
This repository was archived by the owner on Jul 10, 2021. It is now read-only.

docs(OAuth2):added guide for aws cognito #2017

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

docs(OAuth2):added guide for aws cognito #2017

Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
c37f033
added guide for aws cognito
joetancy Aug 31, 2020
f053aea
Merge branch 'master' into patch-1
joetancy Sep 15, 2020
bbdd7c0
Edited the doc based on comments in PR #2017
joetancy Sep 15, 2020
7e978a2
better bullet formatting
joetancy Sep 16, 2020
ee84cca
Merge branch 'master' into patch-1
joetancy Sep 17, 2020
e5c856c
Merge branch 'master' into patch-1
joetancy Sep 22, 2020
20a12b9
Merge branch 'master' into patch-1
joetancy Oct 15, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions setup/security/authentication/oauth/cognito/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
---
title: "AWS Cognito"
sidebar:
nav: setup
---

This page instructs you on how to obtain an OAuth 2.0 client ID and client secret for
use with your AWS Cognito User Pools.

## Setting up an AWS Cognito App Client

1. Navigate to [https://aws.amazon.com/cognito/](https://aws.amazon.com/cognito/) and log in with your AWS credentials.
2. Search for Cognito in the search bar.
3. Select the user pools you want Spinnaker to use.
4. At the side bar under "General settings", select "App clients", add a client.
Copy link
Contributor

@dorbin dorbin Oct 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
4. At the side bar under "General settings", select "App clients", add a client.
4. At the side bar under **General settings**, select **App clients**, add a client.

Copy link
Contributor

@dorbin dorbin Oct 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, @joetancy, I should have done this the last time I looked at this. Can you change all UI elements to be in boldface instead of double-quotes? Thanks!

https://developers.google.com/style/ui-elements

- Make sure you select "Generate client secret."
5. After that go to "App integration", then to "App client settings."
a) Select "Cognito User Pool" as one of the "Enabled Identity Providers."
Copy link
Contributor

@dorbin dorbin Sep 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joetancy I don't know if you've set yourself up to preview your changes, but these substeps might not resolve the way you want them to. If you are previewing, and this looks ok, then ignore this comment.

But Markdown usually wants sub steps to start with 1. , just like the first-level steps. And the indentation causes Markdown to give them letters instead of numbers.

Copy link
Author

@joetancy joetancy Sep 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

apologies, fixed in the next commit!

b) Input your callback URL.
c) Check the following
- Authorization code grant, Implicit grant
- email, openid
d) Also make sure you already have a domain name for your hosted UI

Have these credentials ready before moving on to the next step
Copy link
Contributor

@dorbin dorbin Oct 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Have these credentials ready before moving on to the next step
Have these credentials ready before moving on to the next step:

- App client id
- App client secret
- Hosted UI domain name

## Configure Halyard

You can configure Halyard either with the [CLI](/reference/halyard/commands/) or by manually editing the hal config.

### Hal config

```yaml
security:
authn:
oauth2:
enabled: true
client:
clientId: {CLIENT_ID}
clientSecret: {CLIENT_SECRET}
accessTokenUri: {YOUR_DOMAIN_NAME}/oauth2/token
userAuthorizationUri: {YOUR_DOMAIN_NAME}/oauth2/authorize
preEstablishedRedirectUri: {GATE_URL}/login
useCurrentUri: false
resource:
userInfoUri: {YOUR_DOMAIN_NAME}/oauth2/userInfo
userInfoMapping: {}
provider: OTHER
```

### CLI

1. Set up OAuth 2.0 with AWS Cognito:

`hal config security authn oauth2 edit --provider OTHER --client-id (client ID from above) --client-secret (client secret from above) --access-token-uri (your domain name)/oauth2/token --user-authorization-uri (your domain name)/oauth2/authorize --user-info-uri (your domain name)/oauth2/userInfo`

2. Enable OAuth 2.0 using:

`hal config security authn oauth2 enable`