This repository has been archived by the owner on Jul 10, 2021. It is now read-only.
docs(OAuth2):added guide for aws cognito #2017
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,62 @@ | ||||||
| --- | ||||||
| title: "AWS Cognito" | ||||||
| sidebar: | ||||||
| nav: setup | ||||||
| --- | ||||||
|
|
||||||
| This page instructs you on how to obtain an OAuth 2.0 client ID and client secret for | ||||||
| use with your AWS Cognito User Pools. | ||||||
|
|
||||||
| ## Setting up an AWS Cognito App Client | ||||||
|
|
||||||
| 1. Navigate to [https://aws.amazon.com/](https://aws.amazon.com/) and log in with your AWS credentials. | ||||||
| 2. Search for Cognito in the search bar. | ||||||
| 3. Select the user pools you want Spinnaker to use. | ||||||
| 4. At the side bar under "General settings", select "App clients", add a client | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| - Make sure you select "Generate client secret" | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| 5. After that go to "App integration", then to "App client settings" | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| - Select "Cognito User Pool" as one of the "Enabled Identity Providers" | ||||||
|
There was a problem hiding this comment.
Suggested change
There was a problem hiding this comment. This one, and the ones following, should probably be numbered instead of sub-bullets. They're just further steps, right? (The two items under "Check the following" are ok as bullets though, of course. |
||||||
| - Input your callback url | ||||||
|
There was a problem hiding this comment.
Suggested change
There was a problem hiding this comment. Periods for all these that are complete sentences. |
||||||
| - Check the following | ||||||
| - Authorization code grant, Implicit grant | ||||||
| - email, openid | ||||||
| - Also make sure you already have a domain name for your hosted UI | ||||||
|
|
||||||
| You should have these credentials ready before moving on to the next step | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| - App client id | ||||||
| - App client secret | ||||||
| - Hosted UI domain name | ||||||
|
|
||||||
| ## Configure Halyard | ||||||
|
|
||||||
| You may configure Halyard either with the CLI or by manually editing the hal config. | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
|
|
||||||
| ### Hal config | ||||||
|
|
||||||
| ```yaml | ||||||
| security: | ||||||
| authn: | ||||||
| oauth2: | ||||||
| enabled: true | ||||||
| client: | ||||||
| clientId: {CLIENT_ID} | ||||||
| clientSecret: {CLIENT_SECRET} | ||||||
| accessTokenUri: {YOUR_DOMAIN_NAME}/oauth2/token | ||||||
| userAuthorizationUri: {YOUR_DOMAIN_NAME}/oauth2/authorize | ||||||
| preEstablishedRedirectUri: {GATE_URL}/login | ||||||
| useCurrentUri: false | ||||||
| resource: | ||||||
| userInfoUri: {YOUR_DOMAIN_NAME}/oauth2/userInfo | ||||||
| userInfoMapping: {} | ||||||
| provider: OTHER | ||||||
| ``` | ||||||
|
|
||||||
| ### CLI | ||||||
|
|
||||||
| Set up OAuth 2.0 with AWS Cognito: | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
|
|
||||||
| `hal config security authn oauth2 edit --provider OTHER --client-id (client ID from above) --client-secret (client secret from above) --access-token-uri (your domain name)/oauth2/token --user-authorization-uri (your domain name)/oauth2/authorize --user-info-uri (your domain name)/oauth2/userInfo` | ||||||
|
|
||||||
| Now enable OAuth 2.0 using hal: | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
|
|
||||||
| `hal config security authn oauth2 enable` | ||||||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we link directly to the Cognito page?