Laravel OAuth Single Sign-On (SSO) plugin gives the ability to enable OAuth Single Sign-On for your laravel applications. Using Single Sign-On you can use only one password to access your laravel application and services. Our plugin is compatible with all the OAuth compliant Identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between Laravel and AWS cognito considering AWS cognito as OAuth provider. To know more about other features we provide in Laravel OAuth client single-sign-on-sso plugin, you can click here.

Installation Laravel Oauth Client Package

• Open a Command Prompt window and change the working directory to your Laravel app's main directory.
• Enter the below command.

  composer require miniorange/oauth-laravel-free

• After successful installation of package, go to your Laravel app in the browser and enter {laravel-application-domain}/mo_oauth_admin
• The package will start setting up your database for you and then redirect you to the admin registration page.
• Register or log in with your miniOrange account to configure the plugin.

• After login, you will see the OAuth provider Settings option, where you will get the Redirect/Callback URL. Keep it handy as it will be required later to configure AWS cognito Single Sign-On SSO plugin.

Steps to configure AWS cognito Single Sign-On (SSO) Login into Laravel

1. Configure AWS Cognito as OAuth Provider

• First of all, go to Amazon Console and sign up/login in your account to Configure AWS Cognito.

• Search for Cognito in the AWS Services search bar as shown below.

• Click on Mange User Pools button to see the list of your user pools.

• Click on Create a user pool to create a new user pool.

• Add a Pool Name and click on the Review Defaults button to continue.

• Scroll down and click on “Add app client” & then again click on Add an app client.

• Enter an App Client Name and click on Create app client to create an App client.

• Click on Return to Pool Details to come back to your configuration.

• Click on Create Pool button to save your settings and create a user pool.

• In the navigation bar present on the left side, click on the App Client Settings option under the App Integration menu.

• Enable Identity provider as Cognito user pool and enter your Callback/Redirect URL which you will get from your laravel oauth package present under the Redirect/CallBack URLs text-field. Select Authorization code grant checkbox under the Allowed OAuth Flows and also select openid and profile checkboxes under the Allowed OAuth Scopes option (Please refer to the image below). Click on the Save Changes button to save your configurations.

• Click on Choose Domain Name option to set a domain name for your app.

• Go to domain name and enter a domain name for your app. After adding domain name you can check its availability by clicking on “Check availability” button. After entering valid domain name click ”Save changes” button.

• Complete domain name: Copy the complete domain name {your domain name}.auth.{region name}.amazoncognito.com. You need to enter this into the endpoints field under <cognito-app-domain> in the laravel OAuth Single Sign-On (SSO) package.

• Go to “App client” and click on “Show details” to get a client ID and client secret. (Keep client ID and client secret handy as you will need it later.)

• Click on Users and groups option under the General Settings menu in the left side navigation bar. Then, click on the Create user button to add a new user.

• Fill all the required details and click on Create user.

• You can see the new user created.

2. Configure Laravel OAuth plugin as OAuth Client

• Go to the miniOrange Laravel OAuth SSO package and click on Choose Cognito as OAuth provider.

• Enter the Client ID and Client Secret from AWS cognito App client tab.

• Please refer the below table for configuring the Scope and Endpoints or else after selecting Cognito scope and Endpoints will added automatically in there respective fields :



Scope:	openid
Authorize Endpoint:	https://<cognito-app-domain>/oauth2/authorize
Access Token Endpoint:	https://<cognito-app-domain>/oauth2/token
Get UserInfo Endpoint:	https://<cognito-app-domain>/oauth2/userInfo



• You can send the client credentials in header and send state parameter accordingly also enter login attribute as per your requirement.

• Click on save settings button. After that, Click on test configuration button. you will get the list of Attribute Names and Attribute Values that are sent by your OAuth provider

3. SSO Options

• You can also use a link to login via your OAuth/OpenID provider.
• This link is in the format:

  {laravel-application-domain}/ssologin.php?option=oauthredirect

4. Support / Demo

• Support and Trial/Demo Request tabs are available for customers to reach out to for demos and support.

In this Guide, you have successfully configured AWS cognito Single Sign-On (SSO) using Laravel as OAuth Client. This solution ensures that you are ready to roll out secure access to your Laravel site using AWS cognito login credentials within minutes.

Additional Resources

• Guide For Single Sign On (SSO)
• Laravel Installation