Guide to Configure AWS Cognito as an OAuth Server for Drupal

Step 1: Setup AWS Cognito as OAuth Provider

  • Sign in to AWS Amazon.
  • Now enter “Cognito” in search textbox & select Cognito from dropdown.
  • aws-cognito-enter-cognito
  • Go to “Manage your user pools”
  • aws-cognito-manage-pool
  • Click on “Create a user pool”
  • aws-cognito-create-pool
  • Add pool name and select “Review Defaults”.
  • aws-cognito-review-defaults
  • Click on “Add app client” & then click on Add an app client
  • aws-cognito-add-app-client
  • Enter App client name & then Click on “Create app client”.
  • aws-cognito-create-app-client
  • Click on Return to pool details. After this click on “Create Pool”.
  • Navigate to App client settings.
    • Select “Cognito User Pool”, add callback URL. You will get this callback URL from the plugin.
    • Add application home page URL has to Sign out URL.
    • Also, select Authorization code grant as “Allowed OAuth Flows” & select OpenID as “Allowed OAuth Scopes”.
    • After selecting all details click on Save changes button.
    • aws-cognito-allowe-scopes-oauth-flows
  • Go to “App client” and click on “Show details” to get a client ID and client secret.
  • aws-cognito-client-ID-secrets
  • Go to domain name and enter a domain name for your app. After adding domain name you can check its availability by clicking on “Check availability” button. After entering valid domain name click ”Save changes” button.
  • aws-cognito-domain
  • Complete domain name: The complete domain name that you need to enter in plugin is {your domain name}.auth.{region name}
  • Add Users / Groups to Cognito App : Go to Users and groups and then click on Users. After this click on Create user.
  • aws-cognito-user-and-groups
  • Fill all required informations and click on Create user.
  • aws-cognito-create-user
  • Click on Groups and then click on Create group.
  • aws-cognito-create-group
  • Fill all required informations and click on Create group.
  • aws-cognito-group-info
  • AWS Cognito Endpoints and scope:
  • Scope: openid
    Authorize Endpoint: https://<cognito-app-domain>/oauth2/authorize
    Access Token Endpoint: https://<cognito-app-domain>/oauth2/token
    Get User Info Endpoint: https://<cognito-app-domain>/oauth2/userInfo

Step 2: Configure miniOrange Drupal Oauth Login module

  • Click on Configuration tab in Drupal dashboard then click on Drupal OAuth Client Configuration.
  • drupal-8-oauth client
  • In Configure OAuth Application:
    • Select Custom OpenID provider from dropdown list.
    • Copy the Callback/Redirect URL and save it on your OAuth Provider.
    • Fill in the following details:
      • 1)  Custom app name

        2)  Display name

        3)  Client ID which is application ID from Step 1.

        4)  Client Secret which is key-value from step 1.

        5)  Scope

        6)  Authorize Endpoint

        7)  Access Token Endpoint

    • Then click on Save Configuration.
    • Now click on the Test Configuration button. This Test Configuration link will give you the list of the attributes that are coming from your OAuth Provider.
  • Copy the email and the name attributes and save them under the Attribute & Role Mapping tab in the Email Attribute and Name Attribute text field respectively.
  • Please note: This step is mandatory for your login to work. Click on the Save Configuration button to save your attribute configurations.

    drupal-8-oauth client
  • Now logout and go to your Drupal site’s login page, you will automatically find a Login with <your OAuth Provider link> there. If you want to add your login link to other pages as well, please follow the steps given in the below image:
  • drupal-8-oauth client
  • If you want to check out our complete list of features and our various licensing plans, you can go to the Licensing Plan tab in the module.
  • Congratulations, you have successfully configured the miniOrange Drupal OAuth Login module.

Free Trial

If you don't find what you are looking for, please contact us at or call us at +1 978 658 9387.