Prepare Cognito¶
CloudFormation¶
The following CloudFormation template will create
- User Pool, a directory of users
- User Pool Client - an entity that holds the configuration of authentication flow
AWSTemplateFormatVersion: "2010-09-09"
Description: Cognito Stack
Parameters:
Domain:
Type: String
Description: Unique Name for Cognito Resources
SignInCallback:
Type: String
Description: Full URL to be called after used is signed in
Resources:
UserPool:
Type: "AWS::Cognito::UserPool"
Properties:
UserPoolName: !Join ['-', [!Ref Domain, 'user-pool']]
AutoVerifiedAttributes:
- email
Schema:
- Name: email
AttributeDataType: String
Mutable: false
Required: true
PoolClientUser:
Type: AWS::Cognito::UserPoolClient
Description: Pool client to be used by users
Properties:
ClientName: !Join ['-', [!Ref Domain, 'cognito-user-pool-client']]
UserPoolId: !Ref UserPool
AllowedOAuthFlows:
- code
CallbackURLs:
- !Ref SignInCallback
AllowedOAuthFlowsUserPoolClient: true
AllowedOAuthScopes:
- email
- openid
SupportedIdentityProviders:
- COGNITO
Domain¶
The template doesn’t create a Domain (not supported by CLoudFormation as of December 2019) so it should be created manually from console or through API calls.
Both options - “Amazon Cognito domain” and “Your own domain” are supported. Don’t forget to pass it to Flask app config.
Redirect URL¶
One of the stack parameters of the CloudFormation template is a redirect URL. It’s a Flask endpoint users will be redirected to after successful sign in (see Usage).
ID to pass to Flask¶
After resources are created we need User Pool ID, User Pool Client ID and User Pool Client Secret (not shown on the screenshots) to configure Flask: