
Provides an integration with Amazon Cognito. When this module is enabled, all user authentication flows are handled through Cognito, including user registration, user login and password reset.

Why use this module?

Federated Login

You can provide federated login between multiple systems. For example, you may have a mobile app, another web app or other Drupal instances, all communicating with the same User Pool.

Access to AWS Resources

When you authenticate through Cognito, the resulting token can be used to access other AWS resources. Some work is still needed to expose this information, but it is an attractive use case and will be solved. For example, if you were using API Gateway, your Drupal login could be used to control access to those API endpoints.

Logging in with other identity providers

The best way to achieve this currently is to install OpenID Connect and assign a domain to your User Pool. You then use the AWS-hosted login form, which can sign users in with Facebook/Google/SAML as well as with your own User Pool, into which this module registers users directly.

Setup

Currently the module supports only an "Email" Cognito flow, which means the email address is used as the unique identifier. You must set this when you create your User Pool; it cannot be changed later. Support for a "Username" flow will be added in the future.

The following configuration details are required:

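$settings['cognito'] = [
  // AWS region that hosts the User Pool.
  'region' => 'us-east-2',
  // AWS access key ID and secret access key.
  'credentials' => [
    'key' => '',
    'secret' => '',
  ],
  // ID of the User Pool; it starts with the region name.
  'user_pool_id' => 'us-east-2_XXXXXXX',
  // ID of the User Pool app client.
  'client_id' => '',
];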
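
The same settings can be filled from the environment so that the AWS key and secret never land in a committed settings file. This is an added example, not code from the module; the COGNITO_* variable names and the $cognito_from_env helper are assumptions, and it assumes the AWS credentials are exported as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

```php
<?php
// Added example: build $settings['cognito'] from environment variables.
// The variable names below are assumptions about how the site is deployed.

// Hypothetical helper, kept as a closure so it cannot be declared twice.
$cognito_from_env = static function (array $env): array {
  $required = [
    'COGNITO_REGION',
    'COGNITO_USER_POOL_ID',
    'COGNITO_CLIENT_ID',
    'AWS_ACCESS_KEY_ID',
    'AWS_SECRET_ACCESS_KEY',
  ];
  foreach ($required as $name) {
    if (!isset($env[$name]) || trim($env[$name]) === '') {
      // Fail closed, and name only the variable, never its value.
      throw new \RuntimeException("Missing required setting: $name");
    }
  }

  $region = $env['COGNITO_REGION'];
  $pool_id = $env['COGNITO_USER_POOL_ID'];
  // A User Pool ID has the form "<region>_<suffix>", e.g. us-east-2_XXXXXXX,
  // so a mismatch means the pool and region settings are out of sync.
  if (strpos($pool_id, $region . '_') !== 0) {
    throw new \RuntimeException('COGNITO_USER_POOL_ID does not match COGNITO_REGION');
  }

  return [
    'region' => $region,
    'credentials' => [
      'key' => $env['AWS_ACCESS_KEY_ID'],
      'secret' => $env['AWS_SECRET_ACCESS_KEY'],
    ],
    'user_pool_id' => $pool_id,
    'client_id' => $env['COGNITO_CLIENT_ID'],
  ];
};

// getenv() without arguments returns every environment variable as an array.
$settings['cognito'] = $cognito_from_env(getenv());
```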