AWS Cognito SSO Login into Drupal using OAuth / OpenID connect
The Drupal OAuth Client module enables Single Sign-On (SSO) for a Drupal site with any Identity Provider using
the OAuth or OpenID Connect protocol. This module is compatible with
Drupal 7, Drupal 8, Drupal 9, and Drupal 10. Here we will go through the steps to configure the module with
AWS Cognito. Once this configuration is done, users will be able to log in to the Drupal site using their AWS
After installing the module, navigate to the Configuration -> miniOrange OAuth
Client Configuration -> Configure OAuth tab and select AWS
Cognito from the Select Application dropdown list.
Copy the Callback/Redirect URL and keep it handy.
Note: If you have an HTTP Drupal site and AWS Cognito enforces an HTTPS Redirect URI,
navigate to the Sign In Settings tab of the module and set the base URL of the site
with HTTPS in the Base URL text field.
Enter the name in the Custom App Name text field. For example, AWS Cognito.
Go to miniOrange OAuth Client module. Paste the copied Client ID and Client Secret into the
Replace the initial URL with the Cognito domain in the Authorize Endpoint and Access Token
The 'Send Client ID and Secret in Header or Body' checkbox allows you to specify whether the Client ID and
Secret should be included in the header or the body of the Token Endpoint Request. If you're unsure which
option to select, you can stick with the default settings.
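What the header and body options change in the Token Endpoint Request, shown as an added example that is not part of the module's code. The Cognito domain, client credentials and callback path are constructed placeholders, and the two request forms follow RFC 6749 section 2.3.1.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit

# Constructed placeholder values (assumptions, not taken from the page).
COGNITO_DOMAIN = "https://example-pool.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://drupal.example.com/callback-placeholder"


def cognito_endpoints(domain):
    """Derive the Authorize and Access Token endpoints from the Cognito domain."""
    parts = urlsplit(domain)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Cognito domain must be an https:// URL")
    base = f"https://{parts.netloc}"
    return {"authorize": base + "/oauth2/authorize", "token": base + "/oauth2/token"}


def token_request(code, secret_in_header):
    """Build (url, headers, body) for the authorization-code exchange.

    secret_in_header=True  -> credentials in an HTTP Basic Authorization header
    secret_in_header=False -> client_id/client_secret sent as form fields
    """
    # This example insists on an HTTPS callback, matching the note above.
    if urlsplit(REDIRECT_URI).scheme != "https":
        raise ValueError("redirect URI must be https")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI}
    if secret_in_header:
        # Each credential is form-encoded, joined with ':', then base64-encoded.
        pair = f"{quote_plus(CLIENT_ID)}:{quote_plus(CLIENT_SECRET)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        # The secret travels in the body, so request-body logging would capture it.
        form["client_id"] = CLIENT_ID
        form["client_secret"] = CLIENT_SECRET
    return cognito_endpoints(COGNITO_DOMAIN)["token"], headers, urlencode(form)


if __name__ == "__main__":
    for in_header in (True, False):
        url, headers, body = token_request("constructed-auth-code", in_header)
        # Redact the secret before printing, as you would in real logs.
        print(url, sorted(headers), body.replace(CLIENT_SECRET, "***"))
```

Whichever option is selected, the secret is only protected in transit when the token endpoint is reached over HTTPS, and it should be masked in any proxy or debug logs that record headers or request bodies.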
Click on the checkbox to Enable Login with OAuth, scroll down, and click the Save
between Drupal and AWS Cognito:
Click on the Perform Test Configuration button.
On the Test Configuration popup, if you don't have an active session in AWS Cognito on the same browser,
you'll be prompted to sign in to AWS Cognito. Once successfully logged in, you'll receive a list of
attributes retrieved from AWS Cognito.
Scroll down and click on the Configure Attribute / Role Mapping button.
On the Attribute & Role Mapping tab, please select the attribute under which the email of the user is
received from the Email Address drop-down menu. Similarly, you can select the suitable option from
the Name Attribute drop-down menu.
Please note: Mapping the Email Attribute is mandatory for Login.
Congratulations! You have successfully configured AWS Cognito as OAuth/OpenID Provider and Drupal as an
How to perform
Now, open a new browser/private window and go to your Drupal site login page.
Click on the Login using the AWS Cognito link to initiate the SSO from Drupal.
If you want to add the SSO link to other pages as well, please follow the steps given in the image below:
If you face any issues during the configuration or if you want some additional features, please contact us at email@example.com.
After I click on logout in Drupal, it sends me back to
the Drupal homepage. However, when I try to log in with another user, it doesn’t ask me to log in but
automatically logs me in with the same user.
The logout functionality you’ve mentioned here is the default
behavior of the module. It logs you out of Drupal but not out of your Application/Provider.
To allow the module to logout from your provider/application account (what you are looking for), you
need to make the below configurations: [know more]
I purchased the paid Drupal module and replaced it with
the free module, but still I am not able to use paid features.
As you have upgraded to one of our paid versions of the
Drupal module and replaced the free module with the paid one, you must first activate the paid
module. Please refer to the below steps. [Know more]