How do I set up an external identity provider (OIDC) in an Amazon Cognito user pool and authenticate the user to access Amazon chat on mobile?


I want to authenticate users from an external IdP using the OIDC flow in a native mobile application to access Amazon Connect chat.

1 Answer

Amazon Cognito is a user directory and an OAuth 2.0 identity provider (IdP). When you sign in local users to the Amazon Cognito directory, your user pool is an IdP to your app. A local user exists exclusively in your user pool directory without federation through an external IdP.

When you connect Amazon Cognito to social, SAML, or OpenID Connect (OIDC) IdPs, your user pool acts as a bridge between multiple service providers and your app. To your IdP, Amazon Cognito is a service provider (SP). Your IdPs pass an OIDC ID token or a SAML assertion to Amazon Cognito. Amazon Cognito reads the claims about your user in the token or assertion and maps those claims to a new user profile in your user pool directory. For more details, refer to the documentation below.

To set up an external identity provider (OIDC) in an Amazon Cognito user pool and authenticate the user to access Amazon chat on mobile, you can follow the steps mentioned below.

1. Set Up External IdP in AWS Cognito: You can enable your users who already have accounts with OpenID Connect (OIDC) identity providers (IdPs) to skip the sign-up step and sign in to your application using an existing account. With the built-in hosted web UI, Amazon Cognito provides token handling and management for all authenticated users. This way, your backend systems can standardize on one set of user pool tokens. Please refer to the documentation below for more details.

2. Integrate OIDC Authentication in Mobile App: In your native mobile app, use an OIDC library or SDK to handle authentication. Also, implement the OIDC authentication flow in your app using the configuration details from the Cognito User Pool and external IDP.

3. Obtain OIDC Tokens: After successful authentication, your mobile app will receive OIDC tokens (id_token, access_token, and optionally refresh_token). Use these tokens to access resources in Amazon Cognito and Amazon Connect. When your user signs in to your application using an OIDC IdP, they pass through the authentication flow described in the documentation.

4. Access Amazon Connect Chat: Use the obtained tokens to authenticate with Amazon Connect. Implement the necessary logic in your mobile app to initiate and manage chat sessions with Amazon Connect.

These steps align with the general process of integrating OIDC authentication in a native mobile app to access Amazon Cognito and subsequently using the obtained tokens for authentication with Amazon Connect Chat.

Code examples for Amazon Cognito Identity Provider using AWS SDKs

Mihir G
answered 3 months ago
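Steps 3 and 4 above hand the app a set of Cognito user pool tokens and then use them toward Amazon Connect. The check a backend should run before trusting such a token, added here as an example (not code from the answer above, and not the AWS SDK): a standard-library-only Python verifier that checks the RS256 signature against the pool's JWKS document, then the iss, aud/client_id, token_use and exp claims. The region, user pool id and app client id are assumed parameters supplied by the caller, and the JWKS document is assumed to be fetched and parsed beforehand.

```python
import base64, hashlib, hmac, json, time

# DER DigestInfo prefix for SHA-256 from RFC 8017 (PKCS#1 v1.5 signature encoding)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def rsa_pkcs1v15_sha256_verify(n: int, e: int, signed: bytes, sig: bytes) -> bool:
    """RSASSA-PKCS1-v1_5 verify: recover EM with the public key and compare it
    against the expected 00 01 FF..FF 00 DigestInfo||SHA-256(signed) layout."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    t = SHA256_DIGESTINFO + hashlib.sha256(signed).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return hmac.compare_digest(em, expected)

def verify_cognito_jwt(token, jwks, region, user_pool_id, app_client_id, token_use, now=None):
    """Return the claims of a Cognito user pool JWT after checking its signature,
    iss, aud/client_id, token_use and exp; raise ValueError on any failure. jwks is
    the parsed document from https://cognito-idp.{region}.amazonaws.com/{user_pool_id}/.well-known/jwks.json"""
    h_b64, p_b64, s_b64 = token.split(".")  # ValueError unless exactly three segments
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "RS256":  # refuse 'none' and any algorithm swap
        raise ValueError("unexpected alg")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None or key.get("kty") != "RSA":
        raise ValueError("unknown kid")
    n = int.from_bytes(b64url_decode(key["n"]), "big")
    e = int.from_bytes(b64url_decode(key["e"]), "big")
    if not rsa_pkcs1v15_sha256_verify(n, e, f"{h_b64}.{p_b64}".encode(), b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p_b64))
    if claims.get("iss") != f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}":
        raise ValueError("bad issuer")
    if claims.get("token_use") != token_use:
        raise ValueError("wrong token_use")
    # the app client id sits in 'aud' of an ID token and in 'client_id' of an access token
    audience = claims.get("aud") if token_use == "id" else claims.get("client_id")
    if audience != app_client_id:
        raise ValueError("bad audience")
    if (time.time() if now is None else now) >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims
```

The JWKS document is public and can be cached; a kid that is not in the cached document is the cue to fetch it again rather than to reject outright.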
