AWS Cognito Integration (OAuth 2.0)
This page explains the AWS Cognito configuration required to enable Single Sign-On (SSO) with e6data using the OAuth 2.0 Authorization Code flow.
1. Prerequisites
Before configuring the integration, ensure the following components already exist in your AWS account:
Cognito User Pool: Your users must be managed in an existing AWS Cognito User Pool.
App Client for Web Applications: The User Pool must have an App Client created specifically for web-based authentication.
Client Secret: The App Client must have "Generate client secret" enabled.
2. Required App Client Settings
The following authentication flows must be enabled in the App Client configuration:
Authorization Flows to Enable
ALLOW_AUTHORIZATION_CODE_FLOW: Required for OAuth 2.0 Authorization Code flow.
ALLOW_REFRESH_TOKEN_AUTH: Allows users to maintain sessions without re-authentication.
These settings can be found under: Cognito User Pool → App Client → Authentication Flows
3. Callback (Redirect) URLs
After your environment is configured, e6data will share the list of callback (redirect) URLs required for the integration.
Action Required
Add the provided URLs to: App Client → Hosted UI → Allowed Callback URLs
This ensures Cognito redirects users back to the correct application endpoints after authentication.
4. Information Required From You
To complete the integration, provide the following Cognito configuration details.
Client ID: ID of the App Client used for SSO. Example: 5hgnc4tbf82387dsx91mngs7e
Client Secret: Secret generated for the App Client. Example: 15e5c70p9k5h6bdf21696t35d1e2e212
User Pool ID: Identifier of your Cognito User Pool. Example: us-west-2_A1B2c3D4e
Region: AWS region where the User Pool is hosted. Example: us-east-1
Cognito Domain: Hosted UI domain configured for the User Pool. Example: your-company.auth.us-east-1.amazoncognito.com
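The requirements in sections 1 to 4 can be checked before the details are handed over. The following is an added example, not e6data's or AWS's code: it validates a constructed sample shaped like the UserPoolClient object returned by Cognito's DescribeUserPoolClient API. It assumes the Authorization Code requirement shows up there as "code" in AllowedOAuthFlows; the function name, the finding strings, and the implicit-grant, HTTPS and region-consistency checks are this example's own.

```python
import re

# Constructed sample shaped like the UserPoolClient object returned by
# Cognito's DescribeUserPoolClient API; every value is a placeholder.
SAMPLE_CLIENT = {
    "UserPoolId": "us-east-1_EXAMPLE01",
    "ClientId": "exampleclientid0000000000",
    "ClientSecret": "placeholder-secret",
    "ExplicitAuthFlows": ["ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_USER_SRP_AUTH"],
    "AllowedOAuthFlowsUserPoolClient": True,
    "AllowedOAuthFlows": ["code"],
    "CallbackURLs": ["https://sso.example.com/oauth2/callback"],
}

def check_app_client(client, region, domain, expected_callbacks):
    """Return a list of findings; an empty list means the client is ready."""
    findings = []
    if not client.get("ClientSecret"):
        findings.append("no client secret generated")
    if not client.get("AllowedOAuthFlowsUserPoolClient"):
        findings.append("OAuth flows not enabled for this client")
    # Assumption: the authorization code grant appears as "code" here.
    flows = set(client.get("AllowedOAuthFlows", []))
    if "code" not in flows:
        findings.append("authorization code grant not enabled")
    if "implicit" in flows:
        findings.append("implicit grant enabled but not required")
    if "ALLOW_REFRESH_TOKEN_AUTH" not in client.get("ExplicitAuthFlows", []):
        findings.append("ALLOW_REFRESH_TOKEN_AUTH not enabled")
    registered = set(client.get("CallbackURLs", []))
    for url in expected_callbacks:
        if url not in registered:
            findings.append(f"callback not registered: {url}")
    for url in registered:
        local = re.match(r"http://localhost(:\d+)?(/|$)", url)
        if not url.startswith("https://") and not local:
            findings.append(f"callback not HTTPS: {url}")
    # A pool ID starts with its region; a Cognito prefix domain embeds it too.
    pool_region = client.get("UserPoolId", "").split("_", 1)[0]
    if pool_region != region:
        findings.append(f"pool ID region {pool_region} != {region}")
    suffix = f".auth.{region}.amazoncognito.com"
    if domain.endswith(".amazoncognito.com") and not domain.endswith(suffix):
        findings.append(f"domain is not in region {region}")
    return findings

if __name__ == "__main__":
    print(check_app_client(SAMPLE_CLIENT, "us-east-1",
          "your-company.auth.us-east-1.amazoncognito.com", SAMPLE_CLIENT["CallbackURLs"]))
```

The function never returns or prints the client secret, so its findings can be pasted into a ticket.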
5. Summary
This configuration enables secure OAuth-based SSO between your Cognito User Pool and e6data. Once the required details are shared, the e6data team will finalize the integration.