How to link Amazon Cognito with Orbita

Orbita has several built-in providers that you can configure for authentication. You can also configure third-party OAuth providers, such as social media sites including Facebook, Twitter, Microsoft, Amazon, and more. OAuth is an authorization framework built for HTTP APIs that lets users grant an application access to their data.

In summary, Orbita supports account linking to any third-party system that supports the Authorization Code Grant flow of OAuth 2.0.

In this example, we will use Amazon Cognito. Amazon Cognito provides APIs and infrastructure for key features in the user management space, such as authentication, authorization, and managing user repositories, with different operations for your web and mobile apps. Refer to https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html for more information.

This web service lets you add user sign-up, sign-in, and access control to Orbita.


Amazon Cognito

  1. Go to console.aws.amazon.com

  2. Log in with your credentials when prompted.

  3. In the AWS Management Console, under Security, Identity, & Compliance, select Cognito.

  4. On the Amazon Cognito home screen, select Manage User Pools.

Create a user pool

  1. Click on the Create user pool button.


  2. Give a user pool name and click on the Review defaults button.


  3. You will be navigated to the review screen. Click on the Create pool button.


  4. Your User pool is created successfully.

General Settings

App client

  1. Select the User pool.

  2. Navigate to the Side menu > General Settings > App clients.

  3. Click on the Add an app client button.

  4. Give a name for the app client.

  5. Configure the rest of the settings as you require (for this example, we use the default settings).

  6. Scroll down to the end of the page and click on Create app client.

  7. Note the App client id. (The client ID is a publicly exposed string that the service API uses to identify the application; it is also used to build the authorization URLs presented to users.)

  8. Click on the Show Details button to view the App client secret.

App Integration

App client settings

  1. Navigate to the Side menu > App integration > App client settings.


  2. Click on the Cognito User pool check box.

  3. Fill in the Callback URL with the chatbot endpoint.
    For example: https://sandbox15.orbita.cloud:8443/oeapi/bot/docflow

  4. Use https://<domain-name>.orbita.cloud:8443/oeapi/logout as the Sign out URL.

  5. Under OAuth2.0 > Allowed OAuth Flows, enable Authorization code grant and Implicit grant.

  6. Under the Allowed OAuth scopes, check everything except the aws.cognito.signin.user.admin.

  7. Click Save changes.

Domain name

  1. Navigate to the Side menu > App integration > Domain name.

  2. Enter a Domain prefix and click on the Check Availability button.

  3. You will be notified about the availability of the domain name.

  4. Click on Save changes.

In this example, the Domain URL is https://sandbox15.auth.us-east-2.amazoncognito.com

Orbita Experience Manager

Provider Settings

  1. Log in to Experience Manager. Navigate to Global Settings and User profile menu > Settings > Provider.

  2. On the provider listing screen, click on the icon to Add a provider.


  3. Give a provider name without spaces.

  4. In the Authorization URL field, enter the <Custom-Domain-URL>/oauth2/authorize.

  5. In the Token URL field, enter the <Custom-Domain-URL>/oauth2/token.

  6. Enter the App client id from Cognito.

  7. Enter the App client secret from Cognito.

  8. Enter the callback URL, for example: https://<domain-name>.orbita.cloud:8443/api/auth/<provider-name>/callback

  9. As we have enabled multiple scopes in Cognito > app client settings, you can provide any of those scopes here.

  10. When an account is linked, a placeholder user is created in Orbita. The user is created using the persona type specified in the drop-down menu. Select any one of these. (In this example, we selected patient persona).


  11. Profile options fetch and store the information of the logged-in user from the client's database.
    A JSON object containing the URL, header, method, body, and attributes is entered in this field to get the data.
    In this example, we used the following:

    {
      "url": "https://sandbox15.auth.us-east-2.amazoncognito.com/oauth2/userInfo",
      "method": "GET",
      "header": {
        "content-type": "application/json",
        "Authorization": "Bearer __ACCESS_TOKEN__"
      },
      "attributes": {
        "id": "email",
        "firstName": "name",
        "lastName": "given_name"
      }
    }

  12. Click on the button to save the Provider.
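The provider settings above configure both ends of the OAuth 2.0 Authorization Code Grant that Orbita uses for account linking: the Authorization URL (step 4), the Token URL (step 5), the callback URL (step 8) and the profile options (step 11). The following Python is an added example, not Orbita's or AWS's code, that walks through that exchange end to end with constructed placeholder values and an injected transport so it runs offline. It assumes that Orbita substitutes the literal __ACCESS_TOKEN__ into the profile-options headers and maps each key under "attributes" from the userInfo claim of the same name; the state check in extract_code is the standard CSRF protection for the redirect and is not something the page describes. Cognito's userInfo endpoint only returns the claims covered by the scopes granted, so a claim outside the scope chosen in step 9 comes back missing and map_attributes yields None for that field.

```python
import base64
import copy
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder values (not from the page); a real deployment uses the
# Cognito domain, app client id/secret and callback URL noted in the steps above.
COGNITO_DOMAIN = "https://example-prefix.auth.us-east-2.amazoncognito.com"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
CALLBACK_URL = "https://example.orbita.cloud:8443/api/auth/cognito/callback"
SCOPES = ["openid", "email", "profile"]

# The profile-options template from step 11, pointed at the constructed domain.
PROFILE_OPTIONS = {
    "url": COGNITO_DOMAIN + "/oauth2/userInfo",
    "method": "GET",
    "header": {
        "content-type": "application/json",
        "Authorization": "Bearer __ACCESS_TOKEN__",
    },
    "attributes": {"id": "email", "firstName": "name", "lastName": "given_name"},
}


def build_authorize_url(state, domain=COGNITO_DOMAIN, client_id=CLIENT_ID,
                        redirect_uri=CALLBACK_URL, scopes=SCOPES):
    """Front-channel redirect to the Authorization URL (step 4). `state` is a
    per-login random value kept in the user's session so the callback can be
    tied back to the request that started it."""
    query = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    }
    return f"{domain}/oauth2/authorize?{urlencode(query)}"


def extract_code(callback_url, expected_state):
    """Parse the redirect back to the callback URL (step 8) and return the
    authorization code, but only if `state` matches what this session issued.
    Without that check a code from another login could be bound to this user."""
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state, expected_state):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


def build_token_request(code, domain=COGNITO_DOMAIN, client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET, redirect_uri=CALLBACK_URL):
    """Back-channel POST to the Token URL (step 5). Cognito authenticates an app
    client that has a secret with HTTP Basic (client_id:client_secret); the
    secret travels server-to-server and never appears in a browser URL."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,
    })
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return {"url": f"{domain}/oauth2/token", "headers": headers, "body": body}


def render_profile_request(template, access_token):
    """Fill __ACCESS_TOKEN__ into the template's headers (assumed Orbita behaviour)."""
    rendered = copy.deepcopy(template)
    for name, value in rendered["header"].items():
        rendered["header"][name] = value.replace("__ACCESS_TOKEN__", access_token)
    return rendered


def map_attributes(template, userinfo):
    """Build the placeholder user's fields from the userInfo claims using the
    template's attributes map ({orbita_field: cognito_claim}). A claim outside
    the granted scopes is absent from userInfo and maps to None."""
    return {field: userinfo.get(claim) for field, claim in template["attributes"].items()}


def link_account(callback_url, expected_state, post, get):
    """The whole linking flow. `post`/`get` are transport callables returning
    the parsed JSON body, injected so the example runs without network access."""
    code = extract_code(callback_url, expected_state)
    token_req = build_token_request(code)
    tokens = post(token_req["url"], token_req["headers"], token_req["body"])
    profile_req = render_profile_request(PROFILE_OPTIONS, tokens["access_token"])
    userinfo = get(profile_req["url"], profile_req["header"])
    return map_attributes(PROFILE_OPTIONS, userinfo)


if __name__ == "__main__":
    # Constructed responses standing in for Cognito's token and userInfo endpoints.
    state = secrets.token_urlsafe(16)
    print("redirect the browser to:", build_authorize_url(state))
    fake_post = lambda url, headers, body: {"access_token": "tok123", "token_type": "Bearer"}
    fake_get = lambda url, headers: {"sub": "c0ffee", "email": "jane@example.com",
                                     "name": "Jane Doe", "given_name": "Jane"}
    callback = f"{CALLBACK_URL}?code=AUTHCODE&state={state}"
    print(link_account(callback, state, fake_post, fake_get))
```

The split between build_authorize_url and build_token_request mirrors why the page asks for both a public client id and a client secret: the id is safe to expose in the browser redirect, while the secret is only ever sent in the server-side token exchange.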

Adding the Provider to a Project

  1. Navigate to the project listing screen.

  2. Click on the vertical ellipsis against the project and click on Edit.

  3. Select the OAuth provider from the dropdown.


  4. Click on Update.

Testing the integration

  1. Load the chatbot.

  2. Click on the login button when prompted to log in. See https://orbita.atlassian.net/wiki/spaces/OCS/pages/648970363


  3. When you click the Login button, you will be navigated to the Cognito authentication page in a new tab.


  4. Login with an existing account or create a new one using the Sign-up link.

  5. If you set the user pool to require further authentication to log in, it will ask for a verification code.

  6. Enter the verification code to get logged into the chatbot.

  7. You will be navigated back to the chatbot upon successful authentication.

Video Content

https://cdn.orbita.cloud/assets/orbita/experiencedesigner/Authenticationproviders.mp4

Related Articles

https://orbita.atlassian.net/wiki/spaces/OCS/pages/7176586
