Laravel OAuth Single Sign-On (SSO) Using AWS Cognito as OAuth provider


The Laravel OAuth Single Sign-On (SSO) plugin lets you enable OAuth Single Sign-On for your Laravel applications. With Single Sign-On, you use only one password to access your Laravel application and services. Our plugin is compatible with all OAuth-compliant identity providers. This step-by-step guide configures Single Sign-On (SSO) between Laravel and AWS Cognito, with AWS Cognito acting as the OAuth provider. To know more about other features we provide in the Laravel OAuth client single-sign-on-sso plugin, you can click here.

Installing the Laravel OAuth Client Package

  • Open a Command Prompt window and change the working directory to your Laravel app's main directory.
  • Enter the below command.
    composer require miniorange/oauth-laravel-free
  • After the package installs successfully, open your Laravel app in the browser and go to {laravel-application-domain}/mo_oauth_admin
  • The package will start setting up your database for you and then redirect you to the admin registration page.
  • Register or log in with your miniOrange account to configure the plugin.
  • After login, you will see the OAuth provider Settings option, where you will get the Redirect/Callback URL. Keep it handy, as it will be required later to configure AWS Cognito Single Sign-On (SSO).

Steps to configure AWS Cognito Single Sign-On (SSO) Login into Laravel

1. Configure AWS Cognito as OAuth Provider

  • First of all, go to the Amazon Console and sign up or log in to your account to configure AWS Cognito.
  • Search for Cognito in the AWS Services search bar.
  • Click on the Manage User Pools button to see the list of your user pools.
  • Click on Create a user pool to create a new user pool.
  • Add a Pool Name and click on the Review Defaults button to continue.
  • Scroll down and click on “Add app client” & then again click on Add an app client.
  • Enter an App Client Name and click on Create app client to create an App client.
  • Click on Return to Pool Details to come back to your configuration.
  • Click on Create Pool button to save your settings and create a user pool.
  • In the navigation bar present on the left side, click on the App Client Settings option under the App Integration menu.
  • Enable Cognito User Pool as the identity provider and enter your Callback/Redirect URL, which you will get from your Laravel OAuth package, present under the Redirect/Callback URLs text field. Select the Authorization code grant checkbox under Allowed OAuth Flows, and also select the openid and profile checkboxes under Allowed OAuth Scopes. Click on the Save Changes button to save your configuration.
  • Click on the Choose Domain Name option to set a domain name for your app.
  • Go to Domain name and enter a domain name for your app. After adding the domain name, you can check its availability by clicking the "Check availability" button. After entering a valid domain name, click the "Save changes" button.
  • Complete domain name: Copy the complete domain name {your domain name}.auth.{region name}.amazoncognito.com. You need to enter this in place of <cognito-app-domain> in the endpoint fields of the Laravel OAuth Single Sign-On (SSO) package.
  • Go to "App client" and click on "Show details" to get a client ID and client secret. (Keep the client ID and client secret handy, as you will need them later.)
  • Click on the Users and groups option under the General Settings menu in the left-side navigation bar. Then, click on the Create user button to add a new user.
  • Fill all the required details and click on Create user.
  • You can see the new user created.

2. Configure Laravel OAuth plugin as OAuth Client

  • Go to the miniOrange Laravel OAuth SSO package and click on Choose Cognito as OAuth provider.
  • Enter the Client ID and Client Secret from the AWS Cognito App client tab.
  • Refer to the table below to configure the Scope and Endpoints. Alternatively, after you select Cognito, the scope and endpoints will be added automatically in their respective fields:

  • Scope: openid
    Authorize Endpoint: https://<cognito-app-domain>/oauth2/authorize
    Access Token Endpoint: https://<cognito-app-domain>/oauth2/token
    Get UserInfo Endpoint: https://<cognito-app-domain>/oauth2/userInfo

  • You can choose to send the client credentials in the header and to send the state parameter. Also enter the login attribute as per your requirement.
  • Click on the Save Settings button. After that, click on the Test Configuration button. You will get the list of Attribute Names and Attribute Values that are sent by your OAuth provider.
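
The authorization code flow that the settings above drive, written out as an added PHP illustration (not the miniOrange package's code): it builds the Authorize Endpoint request with a state value, checks that state on the callback, and prepares the Access Token Endpoint request with the client credentials in the header. The domain, client ID, client secret, callback URL and function names are constructed placeholders.

```php
<?php
// Added illustration, not the plugin's code. All values below are constructed placeholders.
const COGNITO_DOMAIN = 'example-app.auth.us-east-1.amazoncognito.com'; // <cognito-app-domain>
const CLIENT_ID      = 'EXAMPLE_CLIENT_ID';
const CLIENT_SECRET  = 'EXAMPLE_CLIENT_SECRET';
const REDIRECT_URI   = 'https://laravel.example.test/callback'; // hypothetical callback URL

// Step 1: Authorize Endpoint URL carrying a fresh, unguessable state value.
function buildAuthorizeUrl(array &$session): string
{
    $session['oauth_state'] = bin2hex(random_bytes(16));
    return 'https://' . COGNITO_DOMAIN . '/oauth2/authorize?' . http_build_query([
        'response_type' => 'code',           // "Authorization code grant"
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,     // must equal the Callback URL saved in Cognito
        'scope'         => 'openid profile',
        'state'         => $session['oauth_state'],
    ]);
}

// Step 2: on the callback, accept the code only if state matches what this session sent.
function extractCode(array $query, array &$session): string
{
    $expected = $session['oauth_state'] ?? '';
    unset($session['oauth_state']);          // state is single use
    if ($expected === '' || !hash_equals($expected, (string) ($query['state'] ?? ''))) {
        throw new RuntimeException('state mismatch, callback discarded');
    }
    return (string) ($query['code'] ?? '');
}

// Step 3: Access Token Endpoint request with the client credentials in the header.
function buildTokenRequest(string $code): array
{
    return [
        'url'     => 'https://' . COGNITO_DOMAIN . '/oauth2/token',
        'headers' => ['Authorization: Basic ' . base64_encode(CLIENT_ID . ':' . CLIENT_SECRET),
                      'Content-Type: application/x-www-form-urlencoded'],
        'body'    => http_build_query(['grant_type' => 'authorization_code',
                                       'code' => $code, 'redirect_uri' => REDIRECT_URI]),
    ];
}

// Constructed run: a matching callback is accepted, a forged or replayed one is rejected.
$session = [];
parse_str(parse_url(buildAuthorizeUrl($session), PHP_URL_QUERY), $sent);
$code = extractCode(['code' => 'SAMPLE_CODE', 'state' => $sent['state']], $session);
echo buildTokenRequest($code)['body'], "\n";
try { extractCode(['code' => 'SAMPLE_CODE', 'state' => 'forged'], $session); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

Sending the state parameter is what lets the client tie a callback to the browser session that started the login, and keeping the credentials in the Authorization header keeps the client secret out of the request body.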

3. SSO Options

  • You can also use a link to login via your OAuth/OpenID provider.
  • This link is in the format:
    {laravel-application-domain}/ssologin.php?option=oauthredirect

4. Support / Demo

  • Support and Trial/Demo Request tabs are available for customers to reach out to for demos and support.

In this guide, you have successfully configured AWS Cognito Single Sign-On (SSO) using Laravel as the OAuth client. This solution ensures that you are ready to roll out secure access to your Laravel site using AWS Cognito login credentials within minutes.
