Guide to Configure AWS Cognito as an OAuth Server for Drupal

miniOrange Drupal OAuth/OpenID module gives the ability to enable OAuth/OpenID Single Sign On for Drupal site. Drupal OAuth Client module is compatible with all OAuth/OpenID Providers. Here we will go through a guide to configure SSO between Drupal and AWS Cognito. By the end of this guide, AWS Cognito users should be able to login and register to Drupal site.
If you have any doubts or queries you can contact us at We will help you to configure the module.

Step 1: Setup AWS Cognito as OAuth Provider

  • Sign in to AWS Amazon.
  • Now enter “Cognito” in search textbox & select Cognito from dropdown.
  • aws-cognito-enter-cognito
  • Go to “Manage your user pools”
  • aws-cognito-manage-pool
  • Click on “Create a user pool”
  • aws-cognito-create-pool
  • Add pool name and select “Review Defaults”.
  • aws-cognito-review-defaults
  • Click on “Add app client” & then click on Add an app client
  • aws-cognito-add-app-client
  • Enter App client name & then Click on “Create app client”.
  • aws-cognito-create-app-client
  • Click on Return to pool details. After this click on “Create Pool”.
  • Navigate to App client settings.
    • Select “Cognito User Pool”, add callback URL. You will get this callback URL from the plugin.
    • Add application home page URL has to Sign out URL.
    • Also, select Authorization code grant as “Allowed OAuth Flows” & select OpenID as “Allowed OAuth Scopes”.
    • After selecting all details click on Save changes button.
    • aws-cognito-allowe-scopes-oauth-flows
  • Go to “App client” and click on “Show details” to get a client ID and client secret.
  • aws-cognito-client-ID-secrets
  • Go to domain name and enter a domain name for your app. After adding domain name you can check its availability by clicking on “Check availability” button. After entering valid domain name click ”Save changes” button.
  • aws-cognito-domain
  • Complete domain name: The complete domain name that you need to enter in plugin is {your domain name}.auth.{region name}
  • Add Users / Groups to Cognito App : Go to Users and groups and then click on Users. After this click on Create user.
  • aws-cognito-user-and-groups
  • Fill all required informations and click on Create user.
  • aws-cognito-create-user
  • Click on Groups and then click on Create group.
  • aws-cognito-create-group
  • Fill all required informations and click on Create group.
  • aws-cognito-group-info
  • AWS Cognito Endpoints and scope:
  • Scope: openid
    Authorize Endpoint: https://<cognito-app-domain>/oauth2/authorize
    Access Token Endpoint: https://<cognito-app-domain>/oauth2/token
    Get User Info Endpoint: https://<cognito-app-domain>/oauth2/userInfo

Step 2: Configure miniOrange Drupal OAuth Client module.

  • Login in your Drupal site’s admin console and click on Extend from the top navigation bar.
  • Select the Install new module option to install a new module on your Drupal site.
  • Drupal OAuth Client module - Install
  • Upload the downloaded zip file of the Module and click on the Install button to continue.
  • Drupal OAuth Client module - Upload
  • Select Enable newly added modules.
  • Drupal OAuth Client module - Update manager
  • Scroll down till you find miniOrange OAuth Client. Click on the checkbox next to it and click on the Install button to enable the module.
  • Drupal OAuth Client module - Enable module
  • Click on Configuration from the top navigation bar and Select Drupal OAuth client Configuration.
  • Drupal OAuth Client - Configuration
  • Click on the Configure OAuth Client tab and select your OAuth Provider from the Select Application dropdown. In case you do not find your OAuth Provider listed in the dropdown, please select Custom OAuth Provider and continue.
  • Drupal OAuth Client - Configure module
  • Enter your OAuth Provider information in their respective fields and click on the Save button to continue. Also, copy the Callback/Redirect URL and save it on your OAuth Provider.
  • Drupal OAuth Client - Configure OAuth tab
  • Now click on the Test Configuration option. This Test Configuration link will give you the list of the attributes that are coming from your OAuth Provider.
  • Copy the email and the name attributes and save them under the Attribute & Role Mapping tab in the Email Attribute and Name Attribute text field respectively.
  • Please note: This step is mandatory for your login to work. Click on the Save button on the bottom of the page to save your attribute configurations.

    Drupal OAuth Client Attribute Mapping
  • If your OAuth Provider supports only HTTPS Root URL or Base URL (for eg. Azure, Azure B2C) you can change it under Sign In Settings tab.
  • Drupal OAuth Client Redirect URL
  • Now logout and go to your Drupal site’s login page, you will automatically find a Login withYour OAuth Provider link there. If you want to add your login link to other pages as well, please follow the steps given in the below image:
  • Drupal OAuth Client login link
  • If you want to check out our complete list of features and our various licensing plans, you can go to the Upgrade Plan tab in the module.
  • If you want to purchase any of the paid version of the module, you have to register/login with us in Register/Login tab.
  • Still, if you are facing any difficulty or if you have any questions in mind, you can reach out to us by submitting a query in the Support tab of a module or by sending us a mail at
  • Congratulations, you have successfully configured the miniOrange Drupal OAuth Client module.

Free Trial

If you don't find what you are looking for, please contact us at or call us at +1 978 658 9387.