docs(OAuth2):added guide for aws cognito #2017
Conversation
|
|
||
| ## Setting up an AWS Cognito App Client | ||
|
|
||
| 1. Navigate to [https://aws.amazon.com/](https://aws.amazon.com/) and log in with your AWS credentials. |
There was a problem hiding this comment.
Can we link directly to the Cognito page?
| 1. Navigate to [https://aws.amazon.com/](https://aws.amazon.com/) and log in with your AWS credentials. | ||
| 2. Search for Cognito in the search bar. | ||
| 3. Select the user pools you want Spinnaker to use. | ||
| 4. At the side bar under "General settings", select "App clients", add a client |
There was a problem hiding this comment.
| 4. At the side bar under "General settings", select "App clients", add a client | |
| 4. At the side bar under "General settings", select "App clients", add a client. |
| 2. Search for Cognito in the search bar. | ||
| 3. Select the user pools you want Spinnaker to use. | ||
| 4. At the side bar under "General settings", select "App clients", add a client | ||
| - Make sure you select "Generate client secret" |
There was a problem hiding this comment.
| - Make sure you select "Generate client secret" | |
| - Make sure you select "Generate client secret." |
| 3. Select the user pools you want Spinnaker to use. | ||
| 4. At the side bar under "General settings", select "App clients", add a client | ||
| - Make sure you select "Generate client secret" | ||
| 5. After that go to "App integration", then to "App client settings" |
There was a problem hiding this comment.
| 5. After that go to "App integration", then to "App client settings" | |
| 5. After that go to "App integration," then to "App client settings." |
| 4. At the side bar under "General settings", select "App clients", add a client | ||
| - Make sure you select "Generate client secret" | ||
| 5. After that go to "App integration", then to "App client settings" | ||
| - Select "Cognito User Pool" as one of the "Enabled Identity Providers" |
There was a problem hiding this comment.
| - Select "Cognito User Pool" as one of the "Enabled Identity Providers" | |
| - Select "Cognito User Pool" as one of the "Enabled Identity Providers." |
| - Make sure you select "Generate client secret" | ||
| 5. After that go to "App integration", then to "App client settings" | ||
| - Select "Cognito User Pool" as one of the "Enabled Identity Providers" | ||
| - Input your callback url |
There was a problem hiding this comment.
| - Input your callback url | |
| - Input your callback URL. |
There was a problem hiding this comment.
Periods for all these that are complete sentences.
| - email, openid | ||
| - Also make sure you already have a domain name for your hosted UI | ||
|
|
||
| You should have these credentials ready before moving on to the next step |
There was a problem hiding this comment.
| You should have these credentials ready before moving on to the next step | |
| Have these credentials ready before moving on to the next step |
|
|
||
| ## Configure Halyard | ||
|
|
||
| You may configure Halyard either with the CLI or by manually editing the hal config. |
There was a problem hiding this comment.
| You may configure Halyard either with the CLI or by manually editing the hal config. | |
| You can configure Halyard either with the [CLI](/reference/halyard/commands/) or by manually editing the hal config. |
|
|
||
| ### CLI | ||
|
|
||
| Set up OAuth 2.0 with AWS Cognito: |
There was a problem hiding this comment.
| Set up OAuth 2.0 with AWS Cognito: | |
| 1. Set up OAuth 2.0 with AWS Cognito: |
|
|
||
| `hal config security authn oauth2 edit --provider OTHER --client-id (client ID from above) --client-secret (client secret from above) --access-token-uri (your domain name)/oauth2/token --user-authorization-uri (your domain name)/oauth2/authorize --user-info-uri (your domain name)/oauth2/userInfo` | ||
|
|
||
| Now enable OAuth 2.0 using hal: |
There was a problem hiding this comment.
| Now enable OAuth 2.0 using hal: | |
| Enable OAuth 2.0: |
|
@dorbin I don't have much knowledge about Cognito, so this LGTM |
|
Thank you for the suggested changes @dorbin, all changes have been committed! |
|
@spinnaker/sig-aws |
| 4. At the side bar under "General settings", select "App clients", add a client. | ||
| - Make sure you select "Generate client secret." | ||
| 5. After that go to "App integration", then to "App client settings." | ||
| a) Select "Cognito User Pool" as one of the "Enabled Identity Providers." |
There was a problem hiding this comment.
@joetancy I don't know if you've set yourself up to preview your changes, but these substeps might not resolve the way you want them to. If you are previewing, and this looks ok, then ignore this comment.
But Markdown usually wants sub steps to start with 1. , just like the first-level steps. And the indentation causes Markdown to give them letters instead of numbers.
There was a problem hiding this comment.
apologies, fixed in the next commit!
There was a problem hiding this comment.
A few more comments, Joe.
Still would like someone to do a technical review. @robzienert , you? Or do you know who might know? Thanks.
| 1. Navigate to [https://aws.amazon.com/cognito/](https://aws.amazon.com/cognito/) and log in with your AWS credentials. | ||
| 2. Search for Cognito in the search bar. | ||
| 3. Select the user pools you want Spinnaker to use. | ||
| 4. At the side bar under "General settings", select "App clients", add a client. |
There was a problem hiding this comment.
| 4. At the side bar under "General settings", select "App clients", add a client. | |
| 4. At the side bar under **General settings**, select **App clients**, add a client. |
There was a problem hiding this comment.
Sorry, @joetancy, I should have done this the last time I looked at this. Can you change all UI elements to be in boldface instead of double-quotes? Thanks!
| 5. After that go to "App integration", then to "App client settings." | ||
| - Select "Cognito User Pool" as one of the "Enabled Identity Providers." | ||
| - Input your callback URL. | ||
| - Check the following |
There was a problem hiding this comment.
| - Check the following | |
| - Check the following: |
| - Check the following | ||
| - Authorization code grant, Implicit grant | ||
| - email, openid | ||
| - Also make sure you already have a domain name for your hosted UI |
There was a problem hiding this comment.
| - Also make sure you already have a domain name for your hosted UI | |
| - Also make sure you already have a domain name for your hosted UI. |
| - email, openid | ||
| - Also make sure you already have a domain name for your hosted UI | ||
|
|
||
| Have these credentials ready before moving on to the next step |
There was a problem hiding this comment.
| Have these credentials ready before moving on to the next step | |
| Have these credentials ready before moving on to the next step: |
Add a guide for AWS Cognito user pools to be used for OAuth2 authentication