WordPress OAuth Server plugin enables AWS Cognito Single Sign-On (SSO) using your WordPress username and password. Once you configure the AWS Cognito with WordPress OAuth Server plugin, you can login to your AWS Cognito using WordPress credentials. OAuth Server plugin also allows you to send custom WordPress user attributes to your AWS Cognito as per your requirements. To know more about other features we provide in WordPress OAuth Server plugin, you can click here.

Download And Installation

• Log into your WordPress instance as an admin.
• Go to the WordPress Dashboard -> Plugins and click on Add New.
• Search for a WordPress OAuth Server Single Sign-On (SSO) plugin and click on Install Now.
• Once installed click on Activate.

Steps to configure WordPress Login into AWS Cognito Single Sign-On (SSO)

1. Setup WordPress as OpenID Connect Server

• Go to miniOrange OAuth Server plugin on the left side menu and choose your OpenID Connect client from the list, Here Custom OpenID Connect.

• Enter Client name as you want. Enter the Redirect / Callback URL like (https://Your-cognito-app-domain/oauth2/idpresponse) from AWS Cognito and enter under Redirect URI field. Click on Save client button.

• Note down Client ID, Client Secret, and Discovery Endpoint to configure in your OpenID Connect Client.

2. Setup AWS Cognito as OpenID Connect Client

• First of all, go to Amazon Console and sign up/login in your account to Configure AWS Cognito.

• Search for Cognito in the AWS Services search bar as shown below.

• Click on Mange User Pools button to see the list of your user pools.

• Click on Create a user pool to create a new user pool.

• Add a Pool Name and click on the Review Defaults button to continue.

• In the navigation bar present on the left side, click on Identity providers option and select the OpenId Connect.

• Provide the necessary details, such as provider name, Client ID, Client Secret, Scope, and Issuer Endpoint. Paste the Discovery Endpoint (which is available in our premium plugin version) from miniOrange OAuth Server plugin under Issuer. Click on the Run discovery button and then Create Provider.

Client ID :	Click Here
Client Secret :	Click Here
Issuer Endpoint :	//<your domain>/wp-json/moserver/<client-id>
Scope :	openid profile email


• Scroll down and click on Configure Attribute Mapping option.

• Add the OIDC attribute and User pool attribute by clicking on Add OIDC attribute option. Click on Save Chnages button.

• click on “App client” & then again click on Add an app client.

• Enter an App Client Name and click on Create app client to create an App client.

• Go to domain name and enter a domain name for your app. After adding domain name you can check its availability by clicking on “Check availability” button. After entering valid domain name click ”Save changes” button.

• In the navigation bar present on the left side, click on the App Client Settings option under the App Integration menu.

• Enable Identity provider as Select all and enter your Callback/Redirect URL which you will get from your miniOrange plugin present on your Server side under the CallBack URLs text-field. Select Authorization code grant checkbox under the Allowed OAuth Flows and also select openid and profile checkboxes under the Allowed OAuth Scopes option (Please refer to the image below). Click on the Save Changes button to save your configurations.

• Scroll down and click on Launch Hosted UI option and click on login button.

You have successfully configured AWS Cognito as OAuth Client for for achieving AWS Cognito Single Sign-On (SSO) with WordPress for user authentication.

In this Guide, you have successfully configured AWS Cognito Single Sign-On (SSO) with WordPress as OAuth Provider and AWS Cognito as OpenID Connect Client using our WP OAuth Server plugin. This solution ensures that you are ready to roll out secure access to your AWS Cognito application using WordPress site credentials within minutes.

Additional Resources

• What is OAuth 2.0?
• Cognito user pool identity provider
• What is Single Sign-On (SSO)?
• Frequently Asked Questions (FAQs)