Search Results :

×

AWS Cognito SSO Login into Drupal using OAuth / OpenID connect

Drupal OAuth Client module enables Single Sign-On i.e. SSO for a Drupal site with any Identity Provider using OAuth or OpenID connect protocol. This module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11. Here we will go through the steps to configure the module with the AWS Cognito. Once this configuration is done, users will be able to log in to the Drupal site using their AWS credentials.

  • Download the module:
    composer require 'drupal/miniorange_oauth_client'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange OAuth Client Configuration using the search box.
  • Enable the module by checking the checkbox and click on the Install button.
  • You can configure the module at:
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc
  • Install the module:
    drush en drupal/miniorange_oauth_client
  • Clear the cache:
     drush cr
  • You can configure the module at:
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc
Note and Contact Us - SSO betwee two WordPress sites

Note: Manual Installation only compatible with Drupal 7, Drupal 8, and Drupal 9.


  • Navigate to Extend menu on your Drupal admin console and click on Install new module.
  • Install the Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • You can configure the module at:
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc
  • Download the module:
    composer require 'drupal/miniorange_oauth_client'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange OAuth Client Configuration using the search box.
  • Enable the module by checking the checkbox and click on the Install button.
  • You can configure the module at:
    {BaseURL}/admin/config/people/mo-oauth-client/mo-client-config
  • Install the module:
    drush en drupal/miniorange_oauth_client
  • Clear the cache:
     drush cr
  • You can configure the module at:
    {BaseURL}/admin/config/people/mo-oauth-client/mo-client-config
Note and Contact Us - SSO betwee two WordPress sites

Note: Manual Installation only compatible with Drupal 7, Drupal 8, and Drupal 9.


  • Navigate to Extend menu on your Drupal admin console and click on Install new module.
  • Install the Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • You can configure the module at:
    {BaseURL}/admin/config/people/mo-oauth-client/mo-client-config
  • Go to ConfigurationPeopleminiOrange OAuth Client Configuration in the Administration menu. (/admin/config/people/miniorange_oauth_client)
Drupal OAuth Client - select mimiorange OAuth Client Configuration
  • Under the Configure OAuth tab select desired OAuth Provider from the dropdown.
  • Note and Contact Us - SSO between two WordPress sites

    Note: If the desired OAuth Provider is not listed in the dropdown, please select Custom OAuth Provider / Custom OpenID Provider and continue.

Drupal OAuth Client - select OAuth Provider
  • Copy the Callback/Redirect URL and keep it handy. This will be required while configuring the OAuth Provider.
  • Note and Contact Us - SSO between two WordPress sites

    Note: If your provider only supports HTTPS Callback/Redirect URLs and you have an HTTP site, please make sure to enable the 'Enforce HTTPS Callback URL' checkbox at the bottom of the tab.


  • Enter the OAuth provider name in the Display Name text field.
Drupal OAuth Client - Copy Callback URL

Configure Drupal as an OAuth Client

  • Go to ConfigurationPeopleminiOrange OAuth Client in the Administration menu. (admin/config/people/mo-oauth-client/mo-client-config)
Drupal OAuth Client - select mimiorange OAuth Client
  • In the Manage section, under the Client Configuration tab, click on the + Add New button to configure desired OAuth Client.
Drupal OAuth Client - Click Add New
  • Under the Add tab select desired OAuth Application from the dropdown.
  • Note and Contact Us - SSO between two WordPress sites

    Note: If the desired OAuth Provider is not listed in the dropdown, please select Custom OAuth Provider / Custom OpenID Provider and continue.

Drupal OAuth Client - select OAuth Provider
  • Enter the OAuth Provider name in the Custom App Name text field. Copy the Callback/Redirect URL and keep it handy. This will be required while configuring the OAuth Provider.
Drupal OAuth Client - Enter Custom App Name and Copy Callback URL
  • If your provider only supports HTTPS Callback/Redirect URLs and you have an HTTP site, please make sure to check the Enforce HTTPS Callback URL checkbox in the Settings tab.
Drupal OAuth Client - Enforce HTTPS Callback URL
  • Login to AWS console.
  • Search for Cognito and click on it.
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito SSO Login AWS Console

  • Click on Create user pool button to create new user pools. (User Pool is a user directory. Users in User Pool can access the app using AWS Cognito credentials.)
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito SSO Manage Pool

  • Now, in Set up resources for your application window, select application type and enter the application name in Define your application section.
  • Select Sign-in attributes in Configure options section.
  • Paste the previously copied Callback URL from the Drupal in the Return URL text field under the Add a return URL section.
  • Click on Create user directory button.
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito SSO Enter application details and callback URL

  • Click on the Amazon Cognito link in the top left corner.
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito click Amazon Cognito link

  • After that, click on the User pools from the left sidebar.
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito click user pools

  • Now, on the link of newly created user pool.
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito SSO select newly created user pool

  • Click on the Users from the left sidebar, and then click Create User to add new user.
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito click Create User button

  • Enter the user information like email and password and click on Create User button.
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito Enter user details

  • Click on App clients from the left sidebar and click the link of your created application.
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito select application

  • From the App client information section copy the Client ID and Client secret. Keep it handy as they will be required later.
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito Copy Client ID and Secret

  • Now, click the Domain from the left sidebar under the Branding. Copy the Cognito domain it will be required later for Authorization and Access Token endpoints.
Drupal OAuth OpenID OIDC Single Sign On (SSO) AWS Cognito create cognito domain

  • Go to miniOrange OAuth Client module.
  • In Configure OAuth tab, paste the copied Client ID and Client Secret from AWS Cognito in the Client ID and Client Secret text-field.
Drupal-Auth-SSO-AWS Cognito-Paste-Client-Credentials

  • Replace the inital URL with the Cognito domain into the Authorize Endpoint and Access Token Endpoint textfields.
Drupal-Auth-SSO-AWS Cognito-Replace the intial URL with Cognito domain into the Endpoints fields

  • The Send Client ID and Secret in Header or Body checkbox allows you to specify whether the Client ID and Secret should be included in the header or the body of the Token Endpoint Request. If you're unsure which option to select, you can stick with the default settings.
  • Click on the checkbox to Enable Login with OAuth, scroll down, and click the Save Configuration button.
Drupal OAuth OpenID OIDC Single Sign On (SSO) Enabling the Login with OAuth checkbox and click Save Configuration

Integrating Drupal with AWS Cognito:

  • Go to miniOrange OAuth Client module.
  • In Add tab, paste the copied Client ID and Client Secret from AWS Cognito in the Client ID and Client Secret text-field.
Drupal-Auth-SSO-AWS Cognito-Paste-Client-Credentials

  • Replace the inital URL with the Cognito domain into the Authorize Endpoint, Access Token Endpoint, and User Info Endpoint textfields.
Drupal-Auth-SSO-AWS Cognito-Replace the intial URL with Cognito domain into the Endpoints fields

  • The Send Client ID and Secret in Header or Body checkbox allows you to specify whether the Client ID and Secret should be included in the header or the body of the Token Endpoint Request. If you're unsure which option to select, you can stick with the default settings.
  • Click on the checkbox to Enable Login with OAuth, scroll down, and click the Save Configuration button.
Drupal OAuth OpenID OIDC Single Sign On (SSO) Enabling the Login with OAuth checkbox and click Save Configuration

  • After successfully saving the configurations, please click on the Perform Test Configuration button to test the connection between Drupal and OAuth Provider.
OAuth-OIDC-Client-Configuration-Check-Connection-with-OAuth-Provider
  • On a Test Configuration popup, if you don't have any active sessions on the same browser, you will be requested to login to the OAuth Provider. After successfully logging, you will be provided a list of attributes received from the OAuth Provider.
  • Select the Email Attribute from the dropdown menu in which the user's email ID is obtained and click on the Done button.
  • Note and Contact Us - SSO between two WordPress sites

    Note: Mapping the Email Attribute is mandatory to perform SSO i.e. login to the Drupal site with OAuth Provider credentials.

Drupal OAuth Client - select Email Attribute
  • On the Attribute & Role Mapping tab, please select the Username Attribute from the dropdown list and click on the Save Configuration button.
Drupal OAuth Client - select user attribute and click save configuration
  • Now log out and go to your Drupal site’s login page. You will automatically find a Login with OAuth Provider link there. If you want to add the SSO link to other pages as well, please follow the steps given in the image below:
Drupal OAuth Client - add link on other pages

Test Connection between Drupal and OAuth Provider

  • After successfully saving the configurations, click on the Perform Test Configuration button to test the connection between Drupal and OAuth Provider.
OAuth-OIDC-Client-Configuration-Check-Connection-with-OAuth-Provider
  • On a Test Configuration popup, if you don't have any active sessions on the same browser, you will be requested to login to the OAuth Provider. After successfully logging, you will be provided a list of attributes received from the OAuth Provider.
  • Click on the Configure Mappings button.
Drupal OAuth Client - select Email Attribute
  • On the Attribute Mapping tab, please select the Email Attribute and Username Attribute from the dropdown list and click on the Save Configuration button.
Note and Contact Us - SSO between two WordPress sites

Note: Mapping the Email Attribute is mandatory to perform SSO i.e. login to the Drupal site with OAuth Provider credentials.

Drupal OAuth Client - select user attribute and click save configuration
  • Now log out and go to your Drupal site’s login page. You will automatically find a Login with OAuth Provider link there. If you want to add the SSO link to other pages as well, please follow the steps given in the image below:
Drupal OAuth Client - add link on other pages


If you face any issues during the configuration or if you want some additional features, please contact us at drupalsupport@xecurify.com.

More FAQs ➔

Follow the steps mentioned HERE

Follow the steps mentioned HERE

The logout functionality you've mentioned here is the default behavior of a module. It's logging you out of Drupal but not from your Application/Provider. To allow the module to logout from your provider/application account (what you are looking for), you need to make the below configurations: [know more]

As you have upgraded to one of our paid versions of the Drupal module and replaced the free module with the paid one, you must first activate the paid module. Please refer to the below steps. [Know more]

ADFS_sso ×
Hello there!

Need Help? We are right here!

support