Version: 3.x

AWS Cognito Configuration

Configuration Details

AWS Configuration

Before integrating Auth Connect into your Ionic app, you’ll need to get AWS Cognito up and running.

Note: For complete information on configuring AWS Cognito, consult the official documentation, which includes tutorials on creating user and identity pools and more.

When creating a User Pool, be sure to add an app client. Additional Auth Connect-related configurations can be found under the App integration and Federation sections.

Install Auth Connect

Run the following command to install the Auth Connect plugin. For the AUTH_URL_SCHEME variable, use the globally unique App Id (ex: com.company.app) you decided on when configuring the Azure AD app above.

Installation

If you have not already set up Ionic Enterprise in your app, follow the one-time setup steps.

Next, install the plugin:

npm install @ionic-enterprise/auth 
npx cap sync

Configure Auth Connect

It's recommended to create an AuthenticationService class that encapsulates AWS Cognito and Ionic Auth Connect’s login functionality.

Generate this class using the ionic generate command:


ionic generate service services/authentication

Extend the IonicAuth class, then configure all AWS Cognito details in the IonicAuthOptions object:


import { IonicAuth, IonicAuthOptions } from '@ionic-enterprise/auth';

export class AuthenticationService extends IonicAuth {

  constructor() {
    const cognitoConfig: IonicAuthOptions = {
      // The auth provider.
      authConfig: 'cognito',
      // The platform which the app is running on
      platform: 'cordova',
      // client or application id for provider
      clientID: 'FILL_IN',
      // the discovery url for the provider
      // OpenID configuration
      discoveryUrl: 'FILL_IN',
      // the URI to redirect to after log in
      redirectUri: 'FILL_IN',
      // requested scopes from provider
      scope: 'FILL_IN',
      // the audience, if applicable
      audience: 'FILL_IN',
      // the URL to redirect to after log out
      logoutUrl: 'FILL_IN',
      // The type of iOS webview to use. 'shared' will use a webview that can
      // share session/cookies on iOS to provide SSO across multiple apps but
      // will cause a prompt for the user which asks them to confirm they want
      // to share site data with the app. 'private' uses a webview which will
      // not prompt the user but will not be able to share session/cookie data
      // either for true SSO across multiple apps.
      iosWebView: 'private'
    };

    super(cognitoConfig);
  }
}

Some of these IonicAuthOptions values are unique, and must be set based on your Cognito details:

  • platform: Use “cordova” or “capacitor” accordingly.
  • clientID: Your app’s Client ID, found under [User Pool] -> General Settings -> App clients.
  • redirectUri: The URI to redirect to after the user has logged in. Use the same AUTH_URL_SCHEME variable value (App Id) from when the Auth Connect plugin was installed. Example: com.company.app://callback. Find this under [User Pool] -> App Integration -> App client settings.
  • logoutUrl: The URI to redirect to after the user has logged out. Example: com.company.app://login?logout=true. Find this under [User Pool] -> App Integration -> App client settings.

The discoveryUrl formula is:

https://cognito-idp.REGION.amazonaws.com/USER-POOL-ID/.well-known/openid-configuration

Where REGION is the hosted AWS region (like "us-east-1") and USER-POOL-ID is the Pool Id (like "us-east-1_vdkald21"), found under [User Pool] -> General Settings.
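A pre-flight check for the values described above, as an added example that is not part of Auth Connect or the original page: it builds the discoveryUrl from the formula and flags leftover FILL_IN placeholders, a malformed discovery URL, a Pool Id whose region prefix differs from the host region, and redirect or logout URIs that do not use the app's URL scheme. The names CognitoOptions, buildDiscoveryUrl and checkCognitoOptions are hypothetical, and the sample ids are constructed.

```typescript
// Local stand-in for the subset of IonicAuthOptions used on this page
// (assumption: the real type is imported from '@ionic-enterprise/auth').
interface CognitoOptions {
  clientID: string;
  discoveryUrl: string;
  redirectUri: string;
  logoutUrl: string;
}

// Hypothetical helper: applies the discoveryUrl formula given on this page.
function buildDiscoveryUrl(region: string, userPoolId: string): string {
  return `https://cognito-idp.${region}.amazonaws.com/${userPoolId}/.well-known/openid-configuration`;
}

const DISCOVERY_RE = /^https:\/\/cognito-idp\.([a-z0-9-]+)\.amazonaws\.com\/([A-Za-z0-9-]+_[A-Za-z0-9]+)\/\.well-known\/openid-configuration$/;

// Hypothetical helper: returns a list of problems; an empty list means the values are consistent.
function checkCognitoOptions(opts: CognitoOptions, appId: string): string[] {
  const problems: string[] = [];
  const fields: Array<keyof CognitoOptions> = ['clientID', 'discoveryUrl', 'redirectUri', 'logoutUrl'];
  for (const f of fields) {
    if (opts[f] === 'FILL_IN' || opts[f] === '') problems.push(`${f} is still a placeholder`);
  }
  const m = DISCOVERY_RE.exec(opts.discoveryUrl);
  if (!m) {
    problems.push('discoveryUrl does not match the Cognito formula');
  } else if (m[2].indexOf(m[1] + '_') !== 0) {
    problems.push('User Pool Id region prefix differs from the host region');
  }
  for (const f of ['redirectUri', 'logoutUrl'] as Array<keyof CognitoOptions>) {
    if (opts[f].indexOf(appId + '://') !== 0) problems.push(`${f} does not use the ${appId}:// scheme`);
  }
  return problems;
}

// Constructed sample values (the client and pool ids are made up).
const sample: CognitoOptions = {
  clientID: 'exampleclientid123',
  discoveryUrl: buildDiscoveryUrl('us-east-1', 'us-east-1_EXAMPLE01'),
  redirectUri: 'com.company.app://callback',
  logoutUrl: 'com.company.app://login?logout=true',
};
console.log(checkCognitoOptions(sample, 'com.company.app'));
```

Run it against the same values you pass to IonicAuthOptions, with appId set to the AUTH_URL_SCHEME value used at install time.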

What's Next?

Check out the full list of configuration options available, then implement the other steps in the Auth Connect workflow.