docs(OAuth2):added guide for aws cognito #2017
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,62 @@ | ||||||
| --- | ||||||
| title: "AWS Cognito" | ||||||
| sidebar: | ||||||
| nav: setup | ||||||
| --- | ||||||
|
|
||||||
| This page instructs you on how to obtain an OAuth 2.0 client ID and client secret for | ||||||
| use with your AWS Cognito User Pools. | ||||||
|
|
||||||
| ## Setting up an AWS Cognito App Client | ||||||
|
|
||||||
| 1. Navigate to [https://aws.amazon.com/](https://aws.amazon.com/) and log in with your AWS credentials. | ||||||
| 2. Search for Cognito in the search bar. | ||||||
| 3. Select the user pools you want Spinnaker to use. | ||||||
| 4. At the side bar under "General settings", select "App clients", add a client | ||||||
|
|
||||||
| - Make sure you select "Generate client secret" | ||||||
|
|
||||||
| 5. After that go to "App integration", then to "App client settings" | ||||||
|
|
||||||
| - Select "Cognito User Pool" as one of the "Enabled Identity Providers" | ||||||
|
This one, and the ones following, should probably be numbered instead of sub-bullets. They're just further steps, right? (The two items under "Check the following" are ok as bullets though, of course.)
||||||
| - Input your callback url | ||||||
|
Periods for all these that are complete sentences.
||||||
| - Check the following | ||||||
| - Authorization code grant, Implicit grant | ||||||
| - email, openid | ||||||
| - Also make sure you already have a domain name for your hosted UI | ||||||
|
|
||||||
| You should have these credentials ready before moving on to the next step | ||||||
|
|
||||||
| - App client id | ||||||
| - App client secret | ||||||
| - Hosted UI domain name | ||||||
|
|
||||||
| ## Configure Halyard | ||||||
|
|
||||||
| You may configure Halyard either with the CLI or by manually editing the hal config. | ||||||
|
|
||||||
|
|
||||||
| ### Hal config | ||||||
|
|
||||||
| ```yaml | ||||||
| security: | ||||||
| authn: | ||||||
| oauth2: | ||||||
| enabled: true | ||||||
| client: | ||||||
| clientId: {CLIENT_ID} | ||||||
| clientSecret: {CLIENT_SECRET} | ||||||
| accessTokenUri: {YOUR_DOMAIN_NAME}/oauth2/token | ||||||
| userAuthorizationUri: {YOUR_DOMAIN_NAME}/oauth2/authorize | ||||||
| preEstablishedRedirectUri: {GATE_URL}/login | ||||||
| useCurrentUri: false | ||||||
| resource: | ||||||
| userInfoUri: {YOUR_DOMAIN_NAME}/oauth2/userInfo | ||||||
| userInfoMapping: {} | ||||||
| provider: OTHER | ||||||
| ``` | ||||||
|
|
||||||
| ### CLI | ||||||
|
|
||||||
| Set up OAuth 2.0 with AWS Cognito: | ||||||
|
|
||||||
|
|
||||||
| `hal config security authn oauth2 edit --provider OTHER --client-id (client ID from above) --client-secret (client secret from above) --access-token-uri (your domain name)/oauth2/token --user-authorization-uri (your domain name)/oauth2/authorize --user-info-uri (your domain name)/oauth2/userInfo` | ||||||
|
|
||||||
| Now enable OAuth 2.0 using hal: | ||||||
|
|
||||||
|
|
||||||
| `hal config security authn oauth2 enable` | ||||||
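Review bot: the "Check the following" step should ask for "Authorization code grant" only, not `Authorization code grant, Implicit grant`; the hal config later in this hunk uses a `clientSecret` and an `accessTokenUri`, which is the authorization-code flow, so Implicit grant is never used by Gate and enabling it only leaves the app client able to hand out tokens in URL fragments. Two consistency points in the same hunk: "Input your callback url" should state that the value must be exactly `{GATE_URL}/login`, the same as `preEstablishedRedirectUri`, since the OAuth redirect URI has to match the registered callback URL; and the `{YOUR_DOMAIN_NAME}/oauth2/token` placeholders in the YAML and the `(your domain name)/oauth2/token` placeholders in the CLI line should use one style and make clear that the value is the full hosted UI URL including the `https://` scheme.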
Can we link directly to the Cognito page?