Amazon Cognito

Following the OAuth 2.0 standard, ModelOp Center requires the following Amazon Cognito configurations for a successful integration:

  1. User pool

  2. Resource server:

    1. rs/modelop_client

  3. App clients:

    1. gateway-service

    2. internal-client

    3. external-integration-client

| Proposed App Name | App Type | Client Secret Required | Authentication Flows | Allowed URLs | OAuth 2.0 Grant Types | OpenID Connect Scopes | Custom Scopes |
|---|---|---|---|---|---|---|---|
| gateway-service (C2B) | Confidential client | Yes | Default selection* | Allowed callback URLs: <ModelOp Center URL>/login/oauth2/code/gateway-service; Allowed sign-out URLs: <ModelOp Center URL>/ | Authorization code grant | email, openid, profile | |
| internal-client (B2B) | Confidential client | Yes | Default selection; ALLOW_USER_PASSWORD_AUTH | | Client credentials | | rs/modelop_client |
| external-integration-client (C2B) | Public client | | Default selection | Allowed callback URLs: <ModelOp Center URL>/jupyterOauth2ImplicitGrant.html; <MOC URL>/modelOpWDC.html; https://oauth.powerbi.com/views/oauthredirect.html | Implicit grant; Authorization code grant | email, openid, profile | |

*Default selection includes the following authentication flows:

  • ALLOW_REFRESH_TOKEN_AUTH

  • ALLOW_CUSTOM_AUTH

  • ALLOW_USER_SRP_AUTH
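The following is an added example, not ModelOp or AWS code: a drift check that compares an app client against the requirements table above and reports anything extra or missing. It assumes the field names of the UserPoolClient object returned by Cognito's DescribeUserPoolClient, a placeholder base URL for <ModelOp Center URL>, and that a confidential client is one with a ClientSecret set.

```python
# Added example: audit Cognito app clients (UserPoolClient shape) against the table.
BASE = "https://moc.example.com"  # assumed placeholder for <ModelOp Center URL>
DEFAULT = {"ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_SRP_AUTH"}
OIDC = {"email", "openid", "profile"}
KEYS = ("ExplicitAuthFlows", "CallbackURLs", "LogoutURLs",
        "AllowedOAuthFlows", "AllowedOAuthScopes")

# name -> (client secret expected, then one allowed set per entry in KEYS)
EXPECTED = {
    "gateway-service": (True, DEFAULT,
        {BASE + "/login/oauth2/code/gateway-service"}, {BASE + "/"},
        {"code"}, OIDC),
    "internal-client": (True, DEFAULT | {"ALLOW_USER_PASSWORD_AUTH"},
        set(), set(), {"client_credentials"}, {"rs/modelop_client"}),
    "external-integration-client": (False, DEFAULT,
        {BASE + "/jupyterOauth2ImplicitGrant.html", BASE + "/modelOpWDC.html",
         "https://oauth.powerbi.com/views/oauthredirect.html"}, set(),
        {"implicit", "code"}, OIDC),
}

def audit_client(client):
    """Return deviations from the table; an empty list means compliant."""
    name = client.get("ClientName")
    if name not in EXPECTED:
        return [f"unexpected app client {name!r}"]
    secret, *wanted = EXPECTED[name]
    findings = []
    if bool(client.get("ClientSecret")) != secret:
        findings.append("ClientSecret should be " + ("set" if secret else "absent"))
    for key, want in zip(KEYS, wanted):
        got = set(client.get(key) or [])
        if got - want:
            findings.append(f"{key}: not in table {sorted(got - want)}")
        if want - got:
            findings.append(f"{key}: missing {sorted(want - got)}")
    return findings

# Constructed sample: an external-integration-client that has drifted from the table.
DRIFTED = {
    "ClientName": "external-integration-client",
    "ExplicitAuthFlows": sorted(DEFAULT) + ["ALLOW_USER_PASSWORD_AUTH"],
    "CallbackURLs": sorted(EXPECTED["external-integration-client"][2])
                    + ["https://dev.example.net/callback"],
    "AllowedOAuthFlows": ["implicit", "code"],
    "AllowedOAuthScopes": ["email", "openid", "profile", "rs/modelop_client"],
}

if __name__ == "__main__":
    print("\n".join(audit_client(DRIFTED)))
```

Exact-set comparison is deliberate: an extra callback URL, grant type or authentication flow on a client is reported just as a missing one is.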

Required User Attributes

  • Family name

  • Given name

  • User name

  • Email

  • Group(s)

Amazon Cognito Guide

For detailed instructions on how to set up Amazon Cognito with the required configurations, please follow the Amazon Cognito: How-to guide.