Configure AWS-Cognito as an OAuth/OpenId Connect Server in Drupal-8

Download Module
miniOrange Drupal OAuth/OpenID module gives the ability to enable OAuth/OpenID Single Sign On for Drupal site. Drupal OAuth Client module is compatible with all OAuth/OpenID Providers. Here we will go through a guide to configure SSO between Drupal and AWS Cognito. By the end of this guide, AWS Cognito users should be able to login and register to Drupal site.
If you have any doubts or queries you can contact us at drupalsupport@xecurify.com. We will help you to configure the module.

Step 1: Configure AWS Cognito as an OAuth/OpenId Connect Server

  • Go to https://console.aws.amazon.com/console/home and Sign up/Login in your account.
    • AWS-Cognito_sso_AWS go to link
  • Search for Cognito in the AWS Services search bar as shown below.
    • AWS-Cognito_sso_AWS search cognito
  • Click on Manage User Pools button to see the list of your user pools.
    • AWS-Cognito_sso_AWS manage user pools
  • Click on Create a user pool to create a new user pool.
    • AWS-Cognito_sso_AWS create user pools
  • Add a Pool Name and click on the Review Defaults button to continue.
    • AWS-Cognito_sso_AWS review default
  • Scroll down and click on the Add App Client option in front of App Clients.
    • AWS-Cognito_sso_AWS add app client
  • Enter an App Client Name and click on Create app client to create an App client.
    • AWS-Cognito_sso_AWS create app client
  • Click on Return to Pool Details to come back to your configuration.
    • AWS-Cognito_sso_AWS return to pool detail
  • Click on Create Pool button to save your settings and create a user pool.
    • AWS-Cognito_sso_AWS create pool user
  • In the navigation bar present on the left side, click on the App Client Settings option under the App Integration menu.
    • AWS-Cognito_sso_AWS app client setting
  • Select Cognito User Pool checkbox under Enabled Identity Providers. Enter your Callback/Redirect URL which you will get from your miniOrange OAuth client module present on your Client side under the CallBack URls text-field. Select Authorization code grant checkbox under the Allowed OAuth Flows and also select openid and profile checkboxes under the Allowed OAuth Scopes option (Please refer to the image below). Click on the Save Changes button to save your configurations.
    • AWS-Cognito_sso_AWS save your configuration
  • Click on Choose Domain Name option to set a domain name for your app.
    • AWS-Cognito_sso_AWS domain name
  • Enter your Domain Name under the Domain Prefix text-field and click on the Save Changes button to save your domain name.
    • AWS-Cognito_sso_AWS domain prefix
  • Click on App Clients option under the General Settings menu in the left side navigation bar. Then, click on the Show Details button to see your App details like Client ID, Client secret etc.
    • AWS-Cognito_sso_AWS app detail client ID,client secret
  • Copy the Client App ID and App Client Secret text field values and save them under your miniOrange OAuth client module present on the client side under the Client Id and the Client Secret text fields respectively.
    • AWS-Cognito_sso_AWS client app id,client app
  • You have successfully completed your AWS Cognito App OAuth Server side configurations.

Step 2: Configure miniOrange Drupal 8 OAuth Client module.

  • Click on the link here to download the miniOrange OAuth Client module.
  • Scroll down and download module by clicking in the zip option under Downloads.
    • AWS-Cognito_sso_Drupal go to link
  • Login in your Drupal 8 site’s admin console and click on Extend from the top navigation bar.
  • Select the Install new module option to install a new module on your Drupal 8 site.
    • AWS-Cognito_sso_Drupal install module
  • Upload the downloaded zip file of the Module and click on the Install button to continue.
  • Select Enable newly added modules.
    • AWS-Cognito_sso_Drupal install module
  • Scroll down till you find miniOrange OAuth Client. Click on the checkbox next to it and click on the Install button to enable the module.
    • AWS-Cognito_sso_Drupal navigation bar
  • Click on Configuration from the top navigation bar and Select Drupal OAuth client Configuration.
    • AWS-Cognito_sso_Drupal configuration page
  • Register/Login to your miniOrange account.
    • AWS-Cognito_sso_Drupal register login
  • Click on the Configure OAuth Client tab and select your OAuth Provider from the Select Application dropdown. In case you do not find your OAuth Provider listed in the dropdown, please select Custom OAuth Provider and continue.
    • AWS-Cognito_sso_Drupal click on save
  • Enter your OAuth Provider information in their respective fields and click on the Save button to continue. Also, copy the Callback/Redirect URL and save it on your OAuth Provider.
    • AWS-Cognito_sso_Drupal test configuration
  • Now click on the Test Configuration option. This Test Configuration link will give you the list of the attributes that are coming from your OAuth Provider.
    • AWS-Cognito_sso_Drupal test configuration
  • Copy the email and the name attributes and save them under the Attribute & Role Mapping tab in the Email Attribute and Name Attribute text field respectively.

    • Please note: This step is mandatory for your login to work. Click on the Save button on the bottom of the page to save your attribute configurations.

    AWS-Cognito_sso_Drupal click on save
  • Now logout and go to your Drupal 8 site’s login page, you will automatically find a Login withYour OAuth Provider link there. If you want to add your login link to other pages as well, please follow the steps given in the below image:
    • AWS-Cognito_sso_Drupal logout
  • If you want to check out our complete list of features and our various licensing plans, you can go to the Licensing Plan tab in the module.
  • Still, if you are facing any difficulty or if you have any questions in mind, you can reach out to us by submitting a query in the Support tab of a module or by sending us a mail at info@xecurify.com.

    • Congratulations, you have successfully configured the miniOrange Drupal 8 OAuth Client module.