Amazon Cognito

Follow the AWS Cognito guide to create a Cognito application or use an existing one.

Steps

  1. Create a Cognito User Pool (if not already available).
  2. Create an Application:
    • Choose "Traditional Web Application" as the Application Type.
    • Skip adding the return URL for now; it can be added later after deploying the TrueFoundry service.
  3. Save the following details:
    • Client ID
    • Client Secret
  4. Open the OpenID Configuration:
    • Example:
      https://cognito-idp.us-east-1.amazonaws.com/us-east-1_GOoTGBS6e/.well-known/openid-configuration
    • This document contains the fields the integration needs:
      • Issuer
      • JWKS URI
      • Authorization URL
      • Token URL
      • Supported Scopes

Integration with TrueFoundry

  • Use the values from the OpenID configuration in the integration.
  • For Client Secret, you can:
    • Create a TrueFoundry Secret, or
    • Directly add the value.
  • Include appropriate scopes as required for your integration (e.g., openid, email, etc.).
  • Retain JWT Source as Access Token (no changes needed).
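The following is an added example, not part of the original page or of TrueFoundry's own code. It builds the OpenID configuration URL for a Cognito user pool using the pattern of the example above, then parses a discovery document and pulls out the five fields the integration needs (Issuer, JWKS URI, Authorization URL, Token URL, Supported Scopes), refusing to hand them over if the issuer is not a Cognito IdP URL, an endpoint is not https, the JWKS URI is not served under the issuer, or a scope you intend to request is not offered by the pool. The discovery document is a constructed sample with placeholder pool id "us-east-1_EXAMPLE" and hosted-UI domain "example-domain"; the function and constant names are this example's own.

```python
import json
from urllib.parse import urlparse

# Fields the integration takes from the discovery document, keyed by their
# OpenID Connect discovery names and labelled as the page lists them.
REQUIRED_FIELDS = {
    "issuer": "Issuer",
    "jwks_uri": "JWKS URI",
    "authorization_endpoint": "Authorization URL",
    "token_endpoint": "Token URL",
    "scopes_supported": "Supported Scopes",
}

# Constructed sample of a Cognito discovery document (not fetched live).
# "us-east-1_EXAMPLE" and "example-domain" are placeholders for your own pool.
SAMPLE_OPENID_CONFIG = json.dumps({
    "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
    "jwks_uri": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE/.well-known/jwks.json",
    "authorization_endpoint": "https://example-domain.auth.us-east-1.amazoncognito.com/oauth2/authorize",
    "token_endpoint": "https://example-domain.auth.us-east-1.amazoncognito.com/oauth2/token",
    "scopes_supported": ["openid", "email", "phone", "profile"],
    "response_types_supported": ["code", "token"],
})

# Constructed tampered copy: the key set is hosted outside the issuer, so any
# token "verified" against it would be signed by keys the pool does not own.
TAMPERED_OPENID_CONFIG = json.dumps({
    **json.loads(SAMPLE_OPENID_CONFIG),
    "jwks_uri": "https://keys.example.net/jwks.json",
})


def openid_configuration_url(region: str, user_pool_id: str) -> str:
    """Build the discovery URL for a Cognito user pool (pattern of the page's example)."""
    return (f"https://cognito-idp.{region}.amazonaws.com/"
            f"{user_pool_id}/.well-known/openid-configuration")


def validate_openid_config(config_json: str, required_scopes=("openid", "email")):
    """Return (ok, errors) for a discovery document before its values are copied
    into the integration. `required_scopes` are the scopes you plan to request."""
    errors = []
    cfg = json.loads(config_json)
    for key in REQUIRED_FIELDS:
        if key not in cfg:
            errors.append(f"missing field: {key}")
    if errors:
        return False, errors

    # The issuer must be the Cognito IdP endpoint for the pool, over https.
    issuer = urlparse(cfg["issuer"])
    if (issuer.scheme != "https"
            or not issuer.netloc.startswith("cognito-idp.")
            or not issuer.netloc.endswith(".amazonaws.com")):
        errors.append(f"issuer is not a Cognito IdP URL: {cfg['issuer']}")

    # Every endpoint must be https. The authorization and token endpoints live on
    # the pool's hosted-UI domain, but the key set must sit under the issuer itself.
    for key in ("jwks_uri", "authorization_endpoint", "token_endpoint"):
        if urlparse(cfg[key]).scheme != "https":
            errors.append(f"{key} is not https: {cfg[key]}")
    jwks = urlparse(cfg["jwks_uri"])
    if (jwks.netloc != issuer.netloc
            or not jwks.path.startswith(issuer.path.rstrip("/") + "/")):
        errors.append(f"jwks_uri is not served under the issuer: {cfg['jwks_uri']}")

    missing = [s for s in required_scopes if s not in cfg["scopes_supported"]]
    if missing:
        errors.append(f"scopes not offered by the pool: {missing}")
    return not errors, errors


def extract_integration_fields(config_json: str, required_scopes=("openid", "email")) -> dict:
    """Return the values to paste into the integration, or raise on a bad document."""
    ok, errors = validate_openid_config(config_json, required_scopes)
    if not ok:
        raise ValueError("; ".join(errors))
    cfg = json.loads(config_json)
    fields = {label: cfg[key] for key, label in REQUIRED_FIELDS.items()}
    fields["Requested Scopes"] = list(required_scopes)
    fields["JWT Source"] = "Access Token"  # left at the default, as the page says
    return fields


if __name__ == "__main__":
    print(openid_configuration_url("us-east-1", "us-east-1_EXAMPLE"))
    print(json.dumps(extract_integration_fields(SAMPLE_OPENID_CONFIG), indent=2))
    print(validate_openid_config(TAMPERED_OPENID_CONFIG))
```

Replace the sample document with the body fetched from your pool's discovery URL; the JWKS-under-issuer check is the one worth keeping in any automation, since a wrong JWKS URI silently breaks token verification rather than failing loudly.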

Example configuration

Sample Custom JWT Auth integration for Amazon Cognito