# gooddata-cn
v
Anyone have any idea on when Amazon Cognito will be supported as an OIDC provider?
a
r
It actually works, if properly set up. The error with "state" variable is already fixed.
👍 4
❤️ 1
It's important to have "name" and "email" attributes configured and filled in for every user. These attributes are used in the ID token to show information about the user in GoodData.CN.
The Cognito issuer URL needs to be in the format:
https://cognito-idp.{{aws-region}}.amazonaws.com/{{cognito-pool-id}}
j
Could we document it to make it officially supported?
❤️ 1
r
Yes, I plan to document a working Cognito setup in our docs. Unfortunately, it may be a bit fuzzy because Cognito supports a broad variety of configurations and some settings are hard or impossible to change on an existing Cognito user pool.
v
Maybe concrete instructions/support for Cognito email/username/password integration and then some statement that other configurations may also work, with any known caveats.
r
So, bad news, the issue with the `state` variable still persists on some Cognito endpoints 😞 Good news is I most probably found a workaround and I'll try to incorporate it into some of the future releases.
👍 1
v
When you say some endpoints... what do you mean?
some regions... or something else
r
No, some API endpoints, most notably the `/login` endpoint, which returns the redirect URL after successful login. I tested on the eu-central-1 region, but I believe all regions are affected. I submitted a question to the AWS forum but there's no response so far. But we try to address this issue on the application side.
As only the `/login` endpoint shows this error, it means that only Cognito user pool users (who actively fill in username/password in the form) are affected. Federated IdPs linked to the app client are not affected (like Google, Facebook, OIDC etc.), because these do not use this login form.
v
thx will check
we are planning to use Cognito...if not we will have to try with Auth0