Having trouble setting up AWS Cognito passwordless login

Continuing the discussion from Cannot Change Theme in Discourse — Nothing Works:

Hi Carlos! Welcome to our community. :hugs:

Ugh, that’s annoying. I’m starting a new topic here if you are up for trying again with us. I’m not personally familiar with AWS Cognito. Can you tell us what you tried and where you got stuck? As a hosted customer, you can also reach out to team@discourse.org for personalized support.

According to our AI bot, it should be possible to set it up with the OpenID Connect plugin.

AWS Cognito Setup for Discourse AI

tobiaseigen:

set up aws cognito

ForumHelperBot:

Thinking... The user is asking about setting up AWS Cognito. AWS Cognito is an authentication service provided by Amazon Web Services that helps you add user sign-up, sign-in, and access control to your web and mobile apps.

Let me search for any discussions or guides about AWS Cognito integration with Discourse to provide the most relevant information.

Search

Found 54 results for 'aws cognito integration discourse'

Thinking... I'll analyze the search results to provide information on setting up AWS Cognito integration with Discourse.

Based on the search results, there are several topics discussing AWS Cognito integration with Discourse. The main approach appears to be using the OpenID Connect Authentication Plugin for Discourse. Let me summarize the key information:

  1. There are multiple topics where users have successfully integrated AWS Cognito with Discourse using the OpenID Connect plugin.

  2. Some relevant topics include:

    • “Anyone have a working AWS Cognito configuration w/ ouath2, openid or sso?”
    • “Auto-sign-in with the OpenId Connect Plugin and AWS Cognito”
    • “Custom Login Flow: AWS Cognito SSO (via Passwordless Signin) - Is this possible?”
    • “OpenID Connect support in selfhosted Discourse instance”

  3. The official OpenID Connect plugin for Discourse is mentioned in these discussions: GitHub - discourse/discourse-openid-connect: Allows an OpenID Connect provider to be used as an authentication provider for Discourse

  4. One user mentioned they were able to enable SSO via AWS Cognito by following steps in these topics:

    • “OpenID Connect Authentication Plugin”
    • “Anyone have a working AWS Cognito configuration w/ ouath2, openid or sso?”

Let me read the most relevant topic to gather more specific instructions.

Setting up AWS Cognito with Discourse

Based on the search results, there are several successful implementations of AWS Cognito integration with Discourse using the OpenID Connect plugin. Here’s how you can set this up:

Step 1: Install the OpenID Connect Plugin

The Discourse OpenID Connect (OIDC) plugin allows you to use AWS Cognito as an authentication provider for Discourse.

To install the plugin, add it to your app.yml file:

- git clone https://github.com/discourse/discourse-openid-connect.git

Step 2: Configure AWS Cognito

  1. Create a user pool in AWS Cognito
  2. Set up an app client in your user pool
  3. Configure the callback URL to be https://your-discourse-site.com/auth/oidc/callback
  4. Note your Cognito domain, client ID, and client secret

Step 3: Configure the OpenID Connect Plugin in Discourse

Go to Admin > Settings > Plugins > openid connect and set the following:

  • openid connect enabled: true
  • openid connect discovery document: https://{cognito-domain}.auth.{region}.amazoncognito.com/{user-pool-id}/.well-known/openid-configuration
  • openid connect client id: Your Cognito app client ID
  • openid connect client secret: Your Cognito app client secret
  • openid connect authorize scope: openid email profile
  • openid connect token url: https://{cognito-domain}.auth.{region}.amazoncognito.com/oauth2/token
  • openid connect authorize url: https://{cognito-domain}.auth.{region}.amazoncognito.com/oauth2/authorize
  • openid connect user json url: https://{cognito-domain}.auth.{region}.amazoncognito.com/oauth2/userInfo

Additional Configuration Options

  • To enable auto sign-in, set openid connect authorize url to include ?prompt=none
  • You can customize the login button text with openid connect button title

Troubleshooting

If you encounter issues:

  • Make sure your callback URL is correctly set in both Cognito and Discourse
  • Verify that your client ID and secret are correct
  • Check that your Cognito user pool is properly configured to return the required user attributes

For more detailed implementation examples, check out this discussion where users have shared their successful configurations.

Would you like more specific information about any part of this setup process?

2 Likes
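
Added example (not from the original posts and not the plugin's own code): a Ruby sketch of offline checks behind the troubleshooting list above, covering the discovery document, the requested scopes and the ID token claims. The idp.example.test values, client-123 and the helper names are constructed for illustration, and flagging a missing email or an email_verified other than true is an assumption about what the relying party needs.

```ruby
require "json"

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED_METADATA = %w[issuer authorization_endpoint token_endpoint jwks_uri].freeze

# Provider metadata checks; the issuer must equal the discovery URL minus the
# well-known suffix (OpenID Connect Discovery 1.0, section 4.3).
def discovery_problems(discovery_url, metadata, scopes)
  problems = REQUIRED_METADATA.select { |k| metadata[k].to_s.empty? }
                              .map { |k| "discovery document lacks #{k}" }
  unless metadata["issuer"] == discovery_url.delete_suffix(WELL_KNOWN)
    problems << "issuer does not match discovery URL"
  end
  if metadata.key?("scopes_supported")
    missing = scopes - metadata["scopes_supported"]
    problems << "scopes not advertised: #{missing.join(' ')}" unless missing.empty?
  end
  problems
end

# Decodes the ID token payload for inspection only; no signature verification.
def id_token_claims(jwt)
  payload = jwt.split(".")[1] or raise ArgumentError, "not a JWT"
  JSON.parse(payload.tr("-_", "+/").unpack1("m"))
end

def claim_problems(claims, issuer:, client_id:, now: Time.now.to_i)
  problems = []
  problems << "iss does not match issuer" unless claims["iss"] == issuer
  problems << "aud does not contain client id" unless Array(claims["aud"]).include?(client_id)
  problems << "token expired" unless claims["exp"].to_i > now
  problems << "no email claim" if claims["email"].to_s.empty?
  problems << "email_verified is not true" unless claims["email_verified"] == true
  problems
end

# Constructed sample data (not from a real provider).
SAMPLE_URL = "https://idp.example.test/pool-1#{WELL_KNOWN}"
SAMPLE_METADATA = {
  "issuer" => "https://idp.example.test/pool-1",
  "authorization_endpoint" => "https://login.example.test/oauth2/authorize",
  "token_endpoint" => "https://login.example.test/oauth2/token",
  "jwks_uri" => "https://idp.example.test/pool-1/.well-known/jwks.json",
  "scopes_supported" => %w[openid email phone]
}.freeze
SAMPLE_CLAIMS = { "iss" => "https://idp.example.test/pool-1", "aud" => "client-123",
                  "exp" => 2_000_000_000, "sub" => "user-1" }.freeze
SAMPLE_JWT = ["{}", SAMPLE_CLAIMS.to_json, "sig"]
             .map { |s| [s].pack("m0").tr("+/", "-_").delete("=") }.join(".")
```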

Thank you so much @tobiaseigen !

I started the community without AWS Cognito… my system is using the default Discourse auth system… it’s kind of hacky because, whenever my users become paying clients, a webhook on Stripe creates a new Discourse user using the API, generates a temporary password, and sends the credentials to them over email.

I wanted to use AWS Cognito because my main paid service is a course hosted on Gitbook, protected with an AWS Cognito passwordless authentication system. Reusing the system would be ideal for my users. But now it’s too late :slight_smile:

Anyway, I think I followed all steps you described… or maybe I missed something… everything worked perfectly, except for the fact that after entering the email and the authentication code, Discourse would redirect back to /login and not to / (the home). Inspecting the users on Discourse admin page, I saw that AWS Cognito would never create Discourse users.

Thanks anyway!

1 Like