Cognito Hosted UI to Custom UI

Question

A customer has been using Cognito Hosted UI. But they have a hard security requirement of having Hosted UI session Cookie duration to be 30 mins. Given that the Hosted UI Session Cookie duration is not customizable yet, so they are looking to change to custom UI to meet the security requirements.

Their current setup is as follows:

-  [IdentityServer][1] as their OpenID Connect based Identity provider in front of a self-managed user store in database
 - Cognito Hosted UI configured against the App Client with the above identity provider

if the current set up changed to self-hosted UI , what changes are need to the App Client Settings ?

How will overall Auth flow look like in the new world?

[1]: http://%20https://identityserver4.readthedocs.io/en/latest/index.html

Accepted Answer

As I read it, they are using federation to an external OIDC provider. federation uses oauth2 endpoints and the 1-hour session cookie will be created whether hosted UI is used or not (federation always uses hosted UI). custom UI could be used only in the case of native-user sign-in with username and password.

Cognito Hosted UI to Custom UI

関連するコンテンツ