From c37f03339baeede8f290dd27ee41a5056a7f765a Mon Sep 17 00:00:00 2001 From: Joe Tan Date: Mon, 31 Aug 2020 16:57:11 +0800 Subject: [PATCH 1/3] added guide for aws cognito --- .../authentication/oauth/cognito/index.md | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 setup/security/authentication/oauth/cognito/index.md diff --git a/setup/security/authentication/oauth/cognito/index.md b/setup/security/authentication/oauth/cognito/index.md new file mode 100644 index 0000000000..52e615f46e --- /dev/null +++ b/setup/security/authentication/oauth/cognito/index.md 
@@ -0,0 +1,62 @@ +--- +title: "AWS Cognito" +sidebar: + nav: setup +--- + +This page instructs you on how to obtain an OAuth 2.0 client ID and client secret for +use with your AWS Cognito User Pools. + +## Setting up an AWS Cognito App Client + +1. Navigate to [https://aws.amazon.com/](https://aws.amazon.com/) and log in with your AWS credentials. +2. Search for Cognito in the search bar. +3. Select the user pools you want Spinnaker to use. +4. At the side bar under "General settings", select "App clients", add a client + - Make sure you select "Generate client secret" +5. After that go to "App integration", then to "App client settings" + - Select "Cognito User Pool" as one of the "Enabled Identity Providers" + - Input your callback url + - Check the following + - Authorization code grant, Implicit grant + - email, openid + - Also make sure you already have a domain name for your hosted UI + +You should have these credentials ready before moving on to the next step +- App client id +- App client secret +- Hosted UI domain name + +## Configure Halyard + +You may configure Halyard either with the CLI or by manually editing the hal config. 
+ +### Hal config + +```yaml +security: + authn: + oauth2: + enabled: true + client: + clientId: {CLIENT_ID} + clientSecret: {CLIENT_SECRET} + accessTokenUri: {YOUR_DOMAIN_NAME}/oauth2/token + userAuthorizationUri: {YOUR_DOMAIN_NAME}/oauth2/authorize + preEstablishedRedirectUri: {GATE_URL}/login + useCurrentUri: false + resource: + userInfoUri: {YOUR_DOMAIN_NAME}/oauth2/userInfo + userInfoMapping: {} + provider: OTHER +``` + +### CLI + +Set up OAuth 2.0 with AWS Cognito: + +`hal config security authn oauth2 edit --provider OTHER --client-id (client ID from above) --client-secret (client secret from above) --access-token-uri (your domain name)/oauth2/token --user-authorization-uri (your domain name)/oauth2/authorize --user-info-uri (your domain name)/oauth2/userInfo` + +Now enable OAuth 2.0 using hal: + +`hal config security authn oauth2 enable` From bbdd7c02a14d05fe8d4a10a2ce81c3ff7c2a9d74 Mon Sep 17 00:00:00 2001 From: Joe Tan Date: Tue, 15 Sep 2020 10:29:50 +0800 Subject: [PATCH 2/3] Edited the doc based on comments in PR #2017 --- .../authentication/oauth/cognito/index.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/setup/security/authentication/oauth/cognito/index.md b/setup/security/authentication/oauth/cognito/index.md index 52e615f46e..a714f97718 100644 --- a/setup/security/authentication/oauth/cognito/index.md +++ b/setup/security/authentication/oauth/cognito/index.md 
@@ -9,27 +9,27 @@ use with your AWS Cognito User Pools. ## Setting up an AWS Cognito App Client -1. Navigate to [https://aws.amazon.com/](https://aws.amazon.com/) and log in with your AWS credentials. +1. Navigate to [https://aws.amazon.com/cognito/](https://aws.amazon.com/cognito/) and log in with your AWS credentials. 2. Search for Cognito in the search bar. 3. Select the user pools you want Spinnaker to use. -4. At the side bar under "General settings", select "App clients", add a client - - Make sure you select "Generate client secret" -5. After that go to "App integration", then to "App client settings" - - Select "Cognito User Pool" as one of the "Enabled Identity Providers" - - Input your callback url - - Check the following +4. At the side bar under "General settings", select "App clients", add a client. + - Make sure you select "Generate client secret." +5. After that go to "App integration", then to "App client settings." + a) Select "Cognito User Pool" as one of the "Enabled Identity Providers." + b) Input your callback URL. + c) Check the following - Authorization code grant, Implicit grant - email, openid - - Also make sure you already have a domain name for your hosted UI + d) Also make sure you already have a domain name for your hosted UI -You should have these credentials ready before moving on to the next step +Have these credentials ready before moving on to the next step - App client id - App client secret - Hosted UI domain name ## Configure Halyard -You may configure Halyard either with the CLI or by manually editing the hal config. +You can configure Halyard either with the [CLI](/reference/halyard/commands/) or by manually editing the hal config. ### Hal config 
@@ -53,10 +53,10 @@ security: ### CLI -Set up OAuth 2.0 with AWS Cognito: +1. Set up OAuth 2.0 with AWS Cognito: `hal config security authn oauth2 edit --provider OTHER --client-id (client ID from above) --client-secret (client secret from above) --access-token-uri (your domain name)/oauth2/token --user-authorization-uri (your domain name)/oauth2/authorize --user-info-uri (your domain name)/oauth2/userInfo` -Now enable OAuth 2.0 using hal: +2. Enable OAuth 2.0 using: `hal config security authn oauth2 enable` From 7e978a214d14735393683acd14090cdbbb3aae75 Mon Sep 17 00:00:00 2001 From: Joe Tan Date: Wed, 16 Sep 2020 11:55:57 +0800 Subject: [PATCH 3/3] better bullet formatting --- .../security/authentication/oauth/cognito/index.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/setup/security/authentication/oauth/cognito/index.md b/setup/security/authentication/oauth/cognito/index.md index a714f97718..033988f62f 100644 --- a/setup/security/authentication/oauth/cognito/index.md +++ b/setup/security/authentication/oauth/cognito/index.md 
@@ -13,14 +13,14 @@ use with your AWS Cognito User Pools. 2. Search for Cognito in the search bar. 3. Select the user pools you want Spinnaker to use. 4. At the side bar under "General settings", select "App clients", add a client. - - Make sure you select "Generate client secret." + - Make sure you select "Generate client secret." 5. After that go to "App integration", then to "App client settings." - a) Select "Cognito User Pool" as one of the "Enabled Identity Providers." - b) Input your callback URL. - c) Check the following - - Authorization code grant, Implicit grant - - email, openid - d) Also make sure you already have a domain name for your hosted UI + - Select "Cognito User Pool" as one of the "Enabled Identity Providers." + - Input your callback URL. + - Check the following + - Authorization code grant, Implicit grant + - email, openid + - Also make sure you already have a domain name for your hosted UI Have these credentials ready before moving on to the next step - App client id
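Review bot: in the first hunk (`@@ -0,0 +1,62 @@`, new file), step 5 tells the reader to check both "Authorization code grant" and "Implicit grant", but the hal config further down (`clientSecret`, `accessTokenUri`, `preEstablishedRedirectUri`) configures a confidential-client authorization code flow, so the implicit grant is never used by Gate; enabling it only allows tokens to be issued straight into a URL fragment with no client secret, so the step should list "Authorization code grant" alone. In the same step, "Input your callback url" does not say which value to enter; it has to match `preEstablishedRedirectUri: {GATE_URL}/login` exactly or Cognito will reject the redirect, so state that value in the step. Two smaller points in the hunk: `{YOUR_DOMAIN_NAME}/oauth2/token`, `/oauth2/authorize` and `/oauth2/userInfo` read as bare hostnames while hal expects absolute URLs, so write them as `https://{YOUR_DOMAIN_NAME}/oauth2/token` (and likewise for the other two); and since `clientSecret` is stored in the hal config in plain text, a sentence about restricting read access to that file would be worth adding.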
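Review bot: in the `@@ -9,27 +9,27 @@` hunk, the sub-steps `a)` to `d)` indented under item 5 are not Markdown list markers, so they render as one run-on paragraph rather than a nested list; the third commit in this series replaces them with `-` bullets, so that fix should be squashed into this commit instead of landing as a separate "better bullet formatting" change. Also, "Have these credentials ready before moving on to the next step" is immediately followed by a list, so it needs a trailing colon.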
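Review bot: in the `@@ -53,10 +53,10 @@` hunk, the `hal config security authn oauth2 edit` command in step 1 passes the client secret as a command-line argument, which leaves it in the shell history and visible in the process list while hal runs; the doc should at least tell readers to remove the command from their history afterwards, or point them to the hal config editing path for the secret. The placeholders `(your domain name)/oauth2/token`, `/oauth2/authorize` and `/oauth2/userInfo` also omit the scheme; write them as `https://(your domain name)/oauth2/token` and so on, so it is clear an absolute URL is expected and the CLI and YAML sections agree.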
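Review bot: in the `@@ -13,14 +13,14 @@` hunk, terminal punctuation in the converted list is inconsistent: "Input your callback URL." and "Select "Cognito User Pool" as one of the "Enabled Identity Providers."" end with a period, while "Check the following" has no colon before its nested items and "Also make sure you already have a domain name for your hosted UI" has no period. "Check the following:" and a period on the last item would make the list uniform. That last item is also a prerequisite rather than a sub-step: the hosted UI domain is needed for every endpoint in the hal config, so it reads better as its own step before step 5 than as a trailing bullet.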