AWS Cognito support

[bnfinet]

from the #vouch irc channel...

Vouch Proxy is confirmed working with AWS Cognito

oauth.user_info_url must be set with upper case I for oauth2/userInfo

oauth:
  provider: oidc
  auth_url: https://YOURDOMAIN.auth.eu-west-2.amazoncognito.com/oauth2/authorize
  token_url: https://YOURDOMAIN.auth.eu-west-2.amazoncognito.com/oauth2/token
  user_info_url: https://YOURDOMAIN.auth.eu-west-2.amazoncognito.com/oauth2/userInfo
  scopes:
    - openid
    - email
    - profile

[trulyliu]

How should I configure in AWS Cognito user pool?

[bnfinet]

@trulyliu unfortunately I'm only relaying from the IRC channel that AWS Cognito is supported

I wonder if #115 would offer any hint

[trulyliu]

oauth:

Generic OpenID Connect

provider: oidc
client_id: your_app_clientid
client_secret: your_app_client_secret
auth_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/authorize
token_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/token
user_info_url: https://yourdomain.auth.eu-west-1.amazoncognito.com/oauth2/userInfo
scopes:
- openid
- email
- profile
callback_url: https://vouch.yourdomain.com/auth

config in AWS cognito
enable openid, email, and profile in app settings
app client callback url : https://vouch.yourdomain.com/auth,
logout url: https://vouch.yourdomain.com/logout

Beware the domains settings in config.yml,
it should be yourdomain.com.

This setup works for me.

[michal-rybinski]

Just wanted to respond but I see that you solved it yourself.
That's pretty much as I have it set up as well, good work.