...
Open the Amazon Cognito console. If prompted, enter your AWS credentials
In the upper left corner, choose “User pools”
Choose your existing user pool
Choose “App integration”
Choose “Create resource server”
Resource server:
Enter a resource server name
Enter a resource server identifier of “rs”
Custom scopes: Enter a scope name of “modelop_client”
Choose “Create resource server”
...
Open the Amazon Cognito console. If prompted, enter your AWS credentials
In the upper left corner, choose “User pools”
Choose your existing user pool
Choose “App integration”
Choose “Create app client”
App client
App type: “Confidential client”
App client name: Enter “internal-client”
Client secret: Choose “Generate a client secret”
Authentication flows: Selected default values
Refresh token expiration: Any
Access token expiration: 480 minutes
ID token expiration: 480 minutes
Advanced security configurations: Select “Enable token revocation” and “Prevent user existence errors”
Hosted UI settings
Allowed callback URLs: None
Allowed sign-out URLs - optional: None
Identity providers: Select “Cognito user pool”
OAuth 2.0 Grant Types: Select “Client credentials”
Custom scopes: Select the <resource-server-identifier> scope “rs/modelop_client”
Attribute read and write permissions: Selected default values
Choose “Create app client”
...
Open the Amazon Cognito console. If prompted, enter your AWS credentials
In the upper left corner, choose “User pools”
Choose your existing user pool
Choose “App integration”
Choose “Create app client”
App client
App type: “Public client”
App client name: Enter “external-integration-client”
Client secret: Choose “Don’t generate a client secret”
Authentication flows: Selected default values
Refresh token expiration: Any
Access token expiration: 480 minutes
ID token expiration: 480 minutes
Advanced security configurations: Select “Enable token revocation” and “Prevent user existence errors”
Hosted UI settings
Allowed callback URLs: Enter:
https://<ModelOp-Center-Env>/jupyterOauth2ImplicitGrant.html
https://<ModelOp-Center-Env>/modelOpWDC.html
https://oauth.powerbi.com/views/oauthredirect.html
Allowed sign-out URLs - optional: None
Identity providers: Select “Cognito user pool”
OAuth 2.0 Grant Types: Select “Implicit grant”
OpenID Connect scopes: Select “OpenID”, “Email” and “Profile”
Custom scopes: None
Attribute read and write permissions: Selected default values
Choose “Create app client”
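To confirm that both app clients still match the settings above after later console changes, the following added example (not ModelOp or AWS code) audits client descriptions shaped like the "UserPoolClient" object from `aws cognito-idp describe-user-pool-client`. The sample dictionaries are constructed, and moc.example.com is an assumed stand-in for <ModelOp-Center-Env>.

```python
# Added example (not vendor code). Dicts mimic the "UserPoolClient" object
# returned by `aws cognito-idp describe-user-pool-client`.
SEC_PER = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}
EXPECTED = {  # values taken from the console steps on this page
    "internal-client": (True, {"client_credentials"}, {"rs/modelop_client"}),
    "external-integration-client": (False, {"implicit"}, {"openid", "email", "profile"}),
}

def audit_client(c):
    """Return findings for one app client; an empty list means it matches."""
    name = c.get("ClientName")
    if name not in EXPECTED:
        return [f"unexpected app client: {name}"]
    has_secret, flows, scopes = EXPECTED[name]
    out = []
    if bool(c.get("ClientSecret")) != has_secret:
        out.append("client secret presence does not match app type")
    if set(c.get("AllowedOAuthFlows", [])) != flows:
        out.append("OAuth grant types differ from the documented one")
    if set(c.get("AllowedOAuthScopes", [])) != scopes:
        out.append("scopes differ from the documented set")
    units = c.get("TokenValidityUnits", {})
    for tok in ("AccessToken", "IdToken"):
        # The API's default unit for these two fields is hours.
        secs = c.get(tok + "Validity", 0) * SEC_PER[units.get(tok, "hours")]
        if secs != 480 * 60:
            out.append(f"{tok} lifetime is not 480 minutes")
    if not c.get("EnableTokenRevocation"):
        out.append("token revocation is disabled")
    if c.get("PreventUserExistenceErrors") != "ENABLED":
        out.append("user existence errors are not suppressed")
    urls = c.get("CallbackURLs", [])
    if flows == {"client_credentials"} and urls:
        out.append("callback URLs set on the machine-to-machine client")
    out += [f"non-HTTPS callback URL: {u}" for u in urls if not u.startswith("https://")]
    return out

# Constructed sample data; moc.example.com stands in for <ModelOp-Center-Env>.
BASE = {"AccessTokenValidity": 480, "IdTokenValidity": 480,
        "TokenValidityUnits": {"AccessToken": "minutes", "IdToken": "minutes"},
        "EnableTokenRevocation": True, "PreventUserExistenceErrors": "ENABLED"}
INTERNAL = {**BASE, "ClientName": "internal-client", "ClientSecret": "constructed",
            "AllowedOAuthFlows": ["client_credentials"],
            "AllowedOAuthScopes": ["rs/modelop_client"]}
DRIFTED = {**BASE, "ClientName": "external-integration-client",
           "AllowedOAuthFlows": ["implicit", "code"], "AccessTokenValidity": 1440,
           "AllowedOAuthScopes": ["openid", "email", "profile"],
           "CallbackURLs": ["http://moc.example.com/modelOpWDC.html"]}

if __name__ == "__main__":
    for client in (INTERNAL, DRIFTED):
        print(client["ClientName"], audit_client(client) or "OK")
```

The lifetime check normalises units, so a client stored as 8 hours passes the same as one stored as 480 minutes.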
Additional notes
Cognito users
Follow these steps to create a user in your user pool:
Open the Amazon Cognito console. If prompted, enter your AWS credentials
In the upper left corner, choose “User pools”
Choose your existing user pool
Choose “Users”
Choose “Create user”
User information
Alias attributes used to sign in: Choose “User name” and “Email”
Invitation message: Choose “Don't send an invitation”
User name: Enter a user name
Email address - optional: Enter an email address
Select “Mark email address as verified”
Temporary password: Choose “Set a password”
Password: Enter a temporary password
Choose “Create user”
Cognito groups
Follow these steps to create a group in your user pool:
Open the Amazon Cognito console. If prompted, enter your AWS credentials
In the upper left corner, choose “User pools”
Choose your existing user pool
Choose “Groups”
Choose “Create group”
Group information
Group name: Enter a group name
Choose “Create group”
Assign Cognito user to a Cognito group
Open the Amazon Cognito console. If prompted, enter your AWS credentials
In the upper left corner, choose “User pools”
Choose your existing user pool
Choose “Groups”
Choose an existing group
Choose “Add user to group”
Choose an existing user
Choose “Add”