Hi, I’d be interested in how I can integrate Office 365 Login - either from Cognito or somehow from the outside. I wouldn’t like to use SAML and handle the password, but rather OAuth…
Anything?
Figured it out after reading 20+ blog posts and wading through tons of obstacles
Cognito SSO works with both SAML and OIDC (OpenID Connect).
The best description on using SAML was this one: https://www.idea11.com.au/how-to-set-up-aws-cognito-federation-office365/
It is slightly outdated though:
The best help for doing it with OIDC is found here: https://forums.aws.amazon.com/thread.jspa?threadID=287376&tstart=0
But I’ll restate the most important steps:
openid email https://graph.microsoft.com/user.read
https://sts.windows.net/TENANT_GUID
(The Tenant or Directory GUID you can also find from your AD application overview.)
Now you need to enable the provider in your Cognito App Client.
When the authentication is successful, your React-App is opened on the configured call-back URL. In order to get Amplify to give you an authorized session, you need to run this code:
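    await Auth.federatedSignIn(
      `cognito-idp.${config.cognito.REGION}.amazonaws.com/${config.cognito.USER_POOL_ID}`,
      // expires_at is an absolute time in ms; expires_in is a lifetime in seconds
      { token: id_token, expires_at: Number(expires_in) * 1000 + Date.now() }
    );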
For now I just handle things from Login.js. Hopefully I’ll find time to refactor
    useEffect(() => {
      async function onLoad() {
        // The tokens arrive in the URL fragment of the callback URL
        const { access_token, id_token, expires_in } = qs.parse(window.location.hash);
        if (access_token) {
          setIsLoading(true);
          try {
            await Auth.federatedSignIn(
              `cognito-idp.${config.cognito.REGION}.amazonaws.com/${config.cognito.USER_POOL_ID}`,
              // expires_at is an absolute time in ms; expires_in is a lifetime in seconds
              { token: id_token, expires_at: Number(expires_in) * 1000 + Date.now() }
            );
            setIsLoading(false);
            props.userHasAuthenticated(true);
          } catch (e) {
            alert(e.message);
            setIsLoading(false);
          }
        }
      }
      onLoad();
    }, []);
For query string parsing I use
import qs from "query-string";
which you’ll have to import using npm install query-string.
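An added example (not part of the original post): a helper that sanity-checks the callback fragment and computes `expires_at` before the `Auth.federatedSignIn` call shown above. `APP_CLIENT_ID` as a config key and the sample token are assumptions; the helper decodes claims only and does not verify the JWT signature.

```javascript
// Added example: check the callback fragment before handing the token to Amplify.
// Decodes claims only; it does NOT verify the JWT signature.
function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("id_token is not a three-part JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "=")));
}

// cfg: { REGION, USER_POOL_ID, APP_CLIENT_ID }; APP_CLIENT_ID is an assumed config key.
function parseCallback(hash, cfg, nowMs = Date.now()) {
  const p = new URLSearchParams(hash.replace(/^#/, ""));
  const idToken = p.get("id_token");
  const expiresIn = Number(p.get("expires_in"));
  if (!idToken || !Number.isFinite(expiresIn) || expiresIn <= 0) {
    throw new Error("callback is missing id_token or expires_in");
  }
  const provider = `cognito-idp.${cfg.REGION}.amazonaws.com/${cfg.USER_POOL_ID}`;
  const c = decodeClaims(idToken);
  if (c.iss !== `https://${provider}`) throw new Error("unexpected issuer");
  if (c.aud !== cfg.APP_CLIENT_ID) throw new Error("unexpected audience");
  if (c.token_use !== "id") throw new Error("not an ID token");
  if (c.exp * 1000 <= nowMs) throw new Error("token already expired");
  // expires_in is a lifetime in seconds; expires_at is an absolute time in ms.
  return { provider, token: idToken, expires_at: nowMs + expiresIn * 1000 };
}

// Constructed sample fragment (unsigned token, fake signature) so this runs offline.
function sampleHash(cfg, overrides = {}, nowMs = Date.now()) {
  const claims = {
    iss: `https://cognito-idp.${cfg.REGION}.amazonaws.com/${cfg.USER_POOL_ID}`,
    aud: cfg.APP_CLIENT_ID,
    token_use: "id",
    exp: Math.floor(nowMs / 1000) + 3600,
    ...overrides,
  };
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const jwt = `${enc({ alg: "none" })}.${enc(claims)}.sig`;
  return `#id_token=${jwt}&access_token=x&expires_in=3600&token_type=Bearer`;
}
```

In the component, pass `window.location.hash` and `config.cognito` to `parseCallback`, then give the returned `provider`, `token` and `expires_at` to `Auth.federatedSignIn`. Afterwards, `window.history.replaceState(null, "", window.location.pathname)` removes the fragment so the tokens do not stay in the address bar or browser history.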
Thank you for this! I know these are really hard to get working.