Skip to content

Commit 86c56db

Browse files
jhart0jhart0
committed
Add OIDC support
1 parent cbc3eac commit 86c56db

File tree

2 files changed

+38
-0
lines changed

2 files changed

+38
-0
lines changed

cdk/src/cdk.ts

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,11 +36,15 @@ export class BackendStack extends cdk.Stack {
3636

3737
const domain = Utils.getEnv("COGNITO_DOMAIN_NAME");
3838
const identityProviderName = Utils.getEnv("IDENTITY_PROVIDER_NAME", "");
39+
const OIDCProviderName = Utils.getEnv("OIDC_PROVIDER_NAME", "");
3940

4041
const identityProviderMetadataURLOrFile = Utils.getEnv(
4142
"IDENTITY_PROVIDER_METADATA",
4243
""
4344
);
45+
const OIDCClientId = Utils.getEnv('OIDC_CLIENT_ID')
46+
const OIDCClientSecret = Utils.getEnv('OIDC_CLIENT_SECRET')
47+
const OIDCIssuerUrl = Utils.getEnv('OIDC_ISSUER_URL')
4448

4549
const appFrontendDeployMode = Utils.getEnv("APP_FRONTEND_DEPLOY_MODE", "");
4650

@@ -319,6 +323,28 @@ export class BackendStack extends cdk.Stack {
319323
supportedIdentityProviders.push(identityProviderName);
320324
}
321325

326+
if (OIDCProviderName && OIDCClientId && OIDCClientSecret && OIDCIssuerUrl) {
327+
const oidcProvider = new cognito.UserPoolIdentityProviderOidc(this, 'OidcProvider', {
328+
userPool,
329+
name: OIDCProviderName,
330+
clientId: OIDCClientId,
331+
clientSecret: OIDCClientSecret,
332+
issuerUrl: OIDCIssuerUrl,
333+
attributeRequestMethod: cognito.OidcAttributeRequestMethod.GET,
334+
scopes: ['openid', 'profile', 'email'],
335+
attributeMapping: {
336+
email: cognito.ProviderAttribute.other('email'),
337+
givenName: cognito.ProviderAttribute.other('given_name'),
338+
familyName: cognito.ProviderAttribute.other('family_name'),
339+
custom: {
340+
[groupsAttributeClaimName]: cognito.ProviderAttribute.other('groups'),
341+
}
342+
},
343+
});
344+
345+
supportedIdentityProviders.push(OIDCProviderName);
346+
}
347+
322348
// ========================================================================
323349
// Resource: Cognito App Client
324350
// ========================================================================

env.sh.template

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ export APP_URL=http://localhost:3000
5656
## 5. optional - for IdP integration
5757
## ====================================================================================================================
5858

59+
### SAML
5960
## the name you want for the Identity Provider
6061

6162
# export IDENTITY_PROVIDER_NAME=IdP
@@ -64,6 +65,17 @@ export APP_URL=http://localhost:3000
6465

6566
# export IDENTITY_PROVIDER_METADATA=<https://example.com/metadata.xml or $(cat path/to/metadata.xml)>
6667

68+
### OIDC
69+
## the name you want for the Identity Provider
70+
71+
# export OIDC_PROVIDER_NAME=OIDC
72+
73+
## the IdPs OIDC configuration settings
74+
75+
# export OIDC_CLIENT_ID=<client id>
76+
# export OIDC_CLIENT_SECRET=<client secret>
77+
# export OIDC_ISSUER_URL=<issuer url>
78+
6779
## ====================================================================================================================
6880
## 6. other optional configuration
6981
## ====================================================================================================================

0 commit comments

Comments
 (0)