AWS Cognito Single Sign-On SSO Magento Setup Guide with OAuth OpenID Connect

The Magento OAuth/OpenID Connect Single Sign-On module enables OAuth/OpenID Single Sign-On for Magento. If you want users to log in to your Magento site using their AWS Cognito credentials, you can do so with our Magento OAuth/OpenID Connect Single Sign-On module. Once you configure AWS Cognito with the Magento module, users can SSO into your Magento site using AWS Cognito. To know more about the other features we provide in the Magento OAuth/OpenID Connect Single Sign-On module, click here.


Step 1: Download and Installation



Install from the Magento Marketplace:

  • Download the miniOrange OAuth OpenID Connect SSO Free plugin from the Magento Marketplace.
  • Select your Magento store version from the dropdown.
  • Click on Add to cart.
  • Go to the cart and check out to buy the plugin.
  • Click on Download and save the miniOrange OAuth OpenID Connect SSO plugin zip.
  • Unzip all contents of the zip inside the MiniOrange/OAuth directory.
  • Run the following commands on the command prompt to enable the plugin:
      1. php bin/magento setup:upgrade
      2. php bin/magento setup:di:compile

Or install manually:

  • Download the miniOrange OAuth OpenID Connect SSO plugin zip.
  • Go to the Magento root directory.
  • Create the new directories MiniOrange/OAuth inside the app/code directory.
  • Unzip all contents of the zip inside the MiniOrange/OAuth directory.
  • Run the following commands on the command prompt to enable the plugin:
      1. php bin/magento setup:upgrade
      2. php bin/magento setup:di:compile

Step 2: Setup Cognito as OAuth Provider

  • Sign in to AWS.
  • Search for Cognito in the AWS Services search bar.
  • Click on the Manage User Pools button to see the list of your user pools.
  • Click on Create a user pool to create a new user pool.
  • Add a Pool Name and click on the Review Defaults button to continue.
  • Scroll down and click on the Add App Client option in front of App Clients.
  • Click on Add an App Client. Enter an App Client Name and click on Create app client to create an app client.
  • Click on Return to pool details. After this, click on “Create Pool”.
  • Navigate to App client settings.
    • Select “Cognito User Pool”.
    • Enter your Callback/Redirect URL, which you will find in the miniOrange plugin on your client side under the CallBack URLs text field.
    • Add the application home page URL as the Sign out URL.
    • Also, select Authorization code grant as “Allowed OAuth Flows” and select openid as “Allowed OAuth Scopes”.
    • After selecting all details, click on the Save changes button.
  • Go to “App client” and click on “Show details” to get the client ID and client secret.
  • Go to Domain name and enter a domain name for your app. After adding the domain name, you can check its availability by clicking the “Check availability” button. After entering a valid domain name, click the “Save changes” button.
  • Complete domain name: the complete domain name that you need to enter in the plugin is {your domain name}.auth.{region name}.amazoncognito.com
  • Add Users / Groups to the Cognito app: go to Users and groups and then click on Users. After this, click on Create user.
  • Fill in all required information and click on Create user.
  • Click on Groups and then click on Create group.
  • Fill in all required information and click on Create group.
  • You have successfully completed your AWS Cognito app OAuth server-side configuration.
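The app client settings above (authorization code grant, the openid scope, a registered Callback URL and a Sign out URL) together with the endpoints the plugin expects in Step 3 describe one authorization-code round trip. The following is an added, offline example, not the miniOrange plugin's own code, of the client side of that round trip: deriving the endpoint set from the Cognito app domain, building the authorization request with a per-login state value, validating the callback before the code is exchanged, the shape of the token request, and the optional logout redirect. The domain, client id, client secret, callback URL and sign-out URL are constructed placeholders; use the values from your own pool and plugin.

```python
"""Added example (not the miniOrange plugin's own code): the client side of the
authorization-code flow that Steps 2 and 3 configure, worked offline so the
endpoint set, the callback check and the logout URL can be inspected.
All identifiers below are constructed placeholders."""
import base64
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholders (shape only): {domain prefix}.auth.{region}.amazoncognito.com
COGNITO_DOMAIN = "example-pool.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "1example23456789"                      # from "Show details" on the app client
CLIENT_SECRET = "constructed-client-secret"          # never hard-code a real one
CALLBACK_URL = "https://shop.example.com/oauth/callback"  # what the plugin shows under CallBack URLs
SIGN_OUT_URL = "https://shop.example.com/"           # the Sign out URL registered in Cognito


def cognito_endpoints(domain: str) -> dict:
    """The endpoint set Step 3 asks for, derived from the Cognito app domain."""
    base = f"https://{domain}"
    return {
        "authorize": f"{base}/oauth2/authorize",
        "token": f"{base}/oauth2/token",
        "userinfo": f"{base}/oauth2/userInfo",
        "logout": f"{base}/logout",
    }


def new_state() -> str:
    """Unguessable per-login value; stored in the session and checked on return."""
    return secrets.token_urlsafe(32)


def build_authorize_url(domain: str, client_id: str, redirect_uri: str, state: str) -> str:
    """Authorization code grant with the openid scope, as selected in App client settings."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
    }
    return f"{cognito_endpoints(domain)['authorize']}?{urlencode(params)}"


def parse_callback(received_url: str, expected_state: str, registered_redirect: str) -> str:
    """Validate the redirect Cognito sends back and return the authorization code.
    The request must land on the registered Callback URL and echo the stored
    state; otherwise the code is discarded rather than exchanged."""
    parts = urlsplit(received_url)
    landed_on = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if landed_on != registered_redirect:
        raise ValueError("callback did not arrive on the registered Callback URL")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError(f"provider returned an error: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: not the login this session started")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def token_request(domain: str, client_id: str, client_secret: str, code: str, redirect_uri: str) -> dict:
    """Shape of the back-channel POST to /oauth2/token. Cognito accepts the client
    secret as HTTP Basic credentials on the token endpoint; the grant goes in the body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "url": cognito_endpoints(domain)["token"],
        "headers": {
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": {
            "grant_type": "authorization_code",
            "client_id": client_id,
            "code": code,
            "redirect_uri": redirect_uri,
        },
    }


def logout_url(domain: str, client_id: str, sign_out_url: str) -> str:
    """The optional post-logout redirect listed in Step 3."""
    query = urlencode({"client_id": client_id, "logout_uri": sign_out_url})
    return f"{cognito_endpoints(domain)['logout']}?{query}"


if __name__ == "__main__":
    state = new_state()
    print(build_authorize_url(COGNITO_DOMAIN, CLIENT_ID, CALLBACK_URL, state))
    # Constructed callback, as the browser would present it after a successful login.
    code = parse_callback(f"{CALLBACK_URL}?code=constructed-code&state={state}", state, CALLBACK_URL)
    print(token_request(COGNITO_DOMAIN, CLIENT_ID, CLIENT_SECRET, code, CALLBACK_URL)["url"])
    print(logout_url(COGNITO_DOMAIN, CLIENT_ID, SIGN_OUT_URL))
```

The callback check is the part worth keeping in mind when the plugin's Test Configuration succeeds: the redirect URI registered in Cognito and the one the plugin sends must match exactly, and the state value ties the returned code to the session that started the login.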

Step 3: Configuring Magento 2 as OAuth Client

  • After successfully configuring the OAuth provider, go to the OAuth Provider tab and configure the OAuth Provider Name, Client ID, Client Secret, Scope and the endpoints listed below. (You can copy the Client ID and Client Secret from the app client details in STEP 2.)

    Please refer to the endpoints below to configure the OAuth client.

    Client ID: from the app client “Show details” page in Step 2
    Client Secret: from the app client “Show details” page in Step 2
    Scope: openid
    Authorize Endpoint: https://<cognito-app-domain>/oauth2/authorize
    Access Token Endpoint: https://<cognito-app-domain>/oauth2/token
    Get User Info Endpoint: https://<cognito-app-domain>/oauth2/userInfo
    Custom redirect URL after logout [optional]: https://<cognito-app-domain>/logout?client_id=<Client-ID>&logout_uri=<Sign out URL configured in Cognito Portal>

    Here <cognito-app-domain> is the complete domain name from Step 2: {your domain name}.auth.{region name}.amazoncognito.com
  • Click on the Save button to save the settings.
  • Click on the Test Configuration button.
  • You will see all the values returned by your OAuth provider to Magento in a table. If you don't see a value for First Name, Last Name, Email or Username, make the required settings in your OAuth provider to return this information.
  • The miniOrange Premium Plugin also provides the feature to auto-redirect your user to the IdP login page.
  • Go to the Sign In Settings tab and check the options to enable SSO on your Magento site.
  • You can map attributes in the Attribute Mapping tab. Only username and email can be mapped in the free version of the plugin. In the premium version, however, you can map various attributes coming from your OAuth provider to the attributes present in your Magento site.
  • You have successfully configured your Magento 2 site as an OAuth client. You will see the SSO button on your frontend. Click on the button and test the SSO.
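The Test Configuration table and the Attribute Mapping tab above both come down to the same question: which claims in the userInfo response map onto which Magento customer fields, and what happens when one is absent. The following is an added example, not the plugin's own code, that performs that mapping for the four fields the guide names and reports the missing ones the way the guide says to check for them. The sample userInfo responses are constructed; which claims Cognito actually returns depends on the app client's scopes and readable attributes. The email-verified check is an added safeguard not stated in the guide.

```python
"""Added example (not the miniOrange plugin's own code): map a Cognito
/oauth2/userInfo response onto the Magento customer fields the Test
Configuration table lists (username, email, first name, last name) and report
which ones are missing. Sample responses are constructed."""

# Attribute mapping in the sense of Step 3: Magento field -> claim name.
# Standard OIDC claim names plus Cognito's "username".
DEFAULT_MAPPING = {
    "username": "username",
    "email": "email",
    "firstname": "given_name",
    "lastname": "family_name",
}
# The two fields the free plugin maps; a login cannot be completed without them.
REQUIRED_FIELDS = ("username", "email")

# Constructed sample responses. Cognito's userInfo endpoint returns attribute
# values as strings, so email_verified arrives as "true"/"false" there.
SAMPLE_COMPLETE = {
    "sub": "00000000-0000-4000-8000-000000000001",
    "username": "jane",
    "email": "jane@example.com",
    "email_verified": "true",
    "given_name": "Jane",
    "family_name": "Doe",
}
SAMPLE_NO_EMAIL = {
    "sub": "00000000-0000-4000-8000-000000000002",
    "username": "bob",
}


def map_claims(userinfo: dict, mapping: dict = DEFAULT_MAPPING) -> tuple:
    """Return (magento_attributes, missing_fields). Empty or non-string values
    count as missing, which is what an empty cell in the Test Configuration table means."""
    attrs, missing = {}, []
    for field, claim in mapping.items():
        value = userinfo.get(claim)
        if isinstance(value, str) and value.strip():
            attrs[field] = value.strip()
        else:
            missing.append(field)
    return attrs, missing


def email_is_verified(userinfo: dict) -> bool:
    """Accept both the boolean form (ID token) and the string form (userInfo)."""
    flag = userinfo.get("email_verified")
    return flag is True or (isinstance(flag, str) and flag.lower() == "true")


def check_login_claims(userinfo: dict) -> tuple:
    """Return (ok, problems). Refuses a login whose required fields are absent
    and, as an added safeguard beyond the guide, one whose email Cognito has not
    marked verified, since email is one of the two attributes the plugin maps
    onto the Magento account."""
    attrs, missing = map_claims(userinfo)
    problems = [f"missing {field}" for field in missing if field in REQUIRED_FIELDS]
    if "email" in attrs and not email_is_verified(userinfo):
        problems.append("email not verified by Cognito")
    return (not problems), problems


if __name__ == "__main__":
    for sample in (SAMPLE_COMPLETE, SAMPLE_NO_EMAIL):
        attrs, missing = map_claims(sample)
        ok, problems = check_login_claims(sample)
        print(attrs, "missing:", missing, "ok:", ok, problems)
```

If the second sample is what your Test Configuration table looks like, the fix is on the Cognito side, as the guide says: make the email and name attributes readable by the app client and request a scope that returns them.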
