0
votes

I am attempting to allow a third party app (Google Home) to access information from an AWS Cognito User Pool.

The flow of the entire process is as follows (assuming I understand it correctly that is):

  1. The user tries to link their devices (which are all managed inside various AWS services) to Google Home.
  2. The user is then redirected to our OAuth2 page where they log into their account in the Cognito User Pool.
  3. They successfully log in and are provided with an OAuth token.
  4. The Google Home app can then use that token to send requests to our back end, allowing them to control their devices, but not the devices belonging to other users.

I am not exactly sure how to set up the Cognito User Pool as an OAuth2 provider. I can find lots of info going the other way (for instance using Google to sign into our AWS user pool using federated identities), but that doesn't solve our problem.

Any help or direction would be greatly appreciated.

Thanks in advance

1 Answer

2
votes

Amazon Cognito now supports OAuth 2.0. Log in to the Amazon Cognito Console and follow these steps for an existing user pool:

  1. Create a domain in the "App Integration" section.
  2. In the same navigation go to "App Client Settings" and enable the providers you want enabled on the client, in your case Cognito. Also add the allowed callback and logout URIs as well as the allowed OAuth flows and scopes.
  3. Now your authorize endpoint is https://.auth..amazoncognito.com/authorize?client_id=&redirect_uri=&response_type= and the token endpoint can be found the same way.

More details...
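To make the three steps concrete, here is an added example (not code from the answer or from AWS) of the authorization-code exchange a back end would run against the endpoints above: it builds the authorize URL, checks the `state` on the callback, and prepares the token-endpoint POST. It assumes Cognito's `/oauth2/authorize` and `/oauth2/token` paths and uses placeholder domain, region, app-client and callback values that you would replace with your own.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical values (not from the question/answer): your pool's domain, region and app client.
COGNITO_BASE = "https://example-domain.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
# Only callbacks registered under "App Client Settings" are accepted (constructed placeholder).
ALLOWED_REDIRECT_URIS = {"https://oauth-redirect.example/callback"}

def new_state():
    """Per-login random value that binds the callback to the session that started it."""
    return secrets.token_urlsafe(32)

def build_authorize_url(redirect_uri, scopes, state):
    """Step 2: the URL the user is sent to for the Cognito login page."""
    if redirect_uri not in ALLOWED_REDIRECT_URIS:
        raise ValueError("redirect_uri is not registered for this app client")
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "response_type": "code",   # authorization-code flow; tokens never appear in the browser URL
        "scope": " ".join(scopes),
        "state": state,
    }
    return f"{COGNITO_BASE}/oauth2/authorize?{urlencode(params)}"

def parse_callback(callback_url, expected_state):
    """Step 3: after login Cognito redirects back with ?code=...&state=...; reject mismatches."""
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: stale or forged callback")
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    return qs["code"][0]

def build_token_request(code, redirect_uri):
    """Step 3 to 4: the POST that exchanges the code for tokens; returns (url, headers, body)."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",  # client secret goes in the header, never the URL
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "client_id": CLIENT_ID,
                      "code": code, "redirect_uri": redirect_uri})  # must match the step-2 value
    return f"{COGNITO_BASE}/oauth2/token", headers, body
```

The returned tokens should then be validated against the user pool's JWKS before the back end trusts them to scope device access to the logged-in user.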