Follow the AWS Cognito guide to create a Cognito application or use an existing one.

Steps

  1. Create a Cognito User Pool (if not already available).

  2. Create an Application:

    • Choose “Traditional Web Application” as the Application Type.
    • Skip adding the return URL for now; it can be added later, after the TrueFoundry service is deployed.

  3. Save the following details:

    • Client ID
    • Client Secret

  4. Open the OpenID Configuration:

    • Example:

      https://cognito-idp.us-east-1.amazonaws.com/us-east-1_GOoTGBS6e/.well-known/openid-configuration

    • It contains the fields the integration needs, including:

      • Issuer
      • JWKS URI
      • Authorization URL
      • Token URL
      • Supported Scopes

Integration with TrueFoundry

  • Use the values from the OpenID configuration in the integration.

  • For the Client Secret, you can:

    • Create a TrueFoundry Secret, or
    • Directly add the value.

  • Include the scopes your integration requires (e.g., openid, email).

  • Retain JWT Source as Access Token (no changes needed).
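As an added example (not from the TrueFoundry docs or from AWS), the following Python builds the discovery URL from a region and user-pool id, then pulls the fields listed above out of a discovery document and rejects documents that would misconfigure the integration (non-https endpoints, a JWKS URI not served by the issuer, or scopes the pool does not offer). The pool id and hosted-UI domain in the sample document are placeholders.

```python
import json
from urllib.parse import urlparse

# Cognito serves its OIDC discovery document at this well-known path;
# the issuer is the same URL without the /.well-known suffix.
def discovery_url(region: str, pool_id: str) -> str:
    if not pool_id.startswith(region + "_"):
        raise ValueError(f"pool id {pool_id!r} does not belong to region {region!r}")
    return f"https://cognito-idp.{region}.amazonaws.com/{pool_id}/.well-known/openid-configuration"

REQUIRED_FIELDS = ("issuer", "jwks_uri", "authorization_endpoint",
                   "token_endpoint", "scopes_supported")

def extract_integration_values(discovery_json: str, required_scopes):
    """Return the values the integration form asks for, or raise ValueError."""
    doc = json.loads(discovery_json)
    missing = [k for k in REQUIRED_FIELDS if k not in doc]
    if missing:
        raise ValueError(f"discovery document lacks {missing}")
    for key in ("issuer", "jwks_uri", "authorization_endpoint", "token_endpoint"):
        if urlparse(doc[key]).scheme != "https":
            raise ValueError(f"{key} must be an https URL: {doc[key]}")
    # The signing keys must come from the issuer itself; otherwise tokens
    # would be checked against keys the issuer does not control.
    iss, jwks = urlparse(doc["issuer"]), urlparse(doc["jwks_uri"])
    if jwks.netloc != iss.netloc or not jwks.path.startswith(iss.path.rstrip("/") + "/"):
        raise ValueError("jwks_uri is not served under the issuer")
    unsupported = sorted(set(required_scopes) - set(doc["scopes_supported"]))
    if unsupported:
        raise ValueError(f"scopes not offered by this user pool: {unsupported}")
    return {
        "issuer": doc["issuer"],
        "jwks_uri": doc["jwks_uri"],
        "authorization_url": doc["authorization_endpoint"],
        "token_url": doc["token_endpoint"],
        "scopes": list(required_scopes),
    }

# Constructed sample shaped like a Cognito discovery document; the pool id
# and hosted-UI domain are placeholders, not a real deployment.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
    "jwks_uri": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE/.well-known/jwks.json",
    "authorization_endpoint": "https://example-app.auth.us-east-1.amazoncognito.com/oauth2/authorize",
    "token_endpoint": "https://example-app.auth.us-east-1.amazoncognito.com/oauth2/token",
    "scopes_supported": ["openid", "email", "phone", "profile"],
})

if __name__ == "__main__":
    print(discovery_url("us-east-1", "us-east-1_EXAMPLE"))
    print(json.dumps(extract_integration_values(SAMPLE_DISCOVERY, ["openid", "email"]), indent=2))
```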

Example configuration

Sample Custom JWT Auth integration for Amazon Cognito