Okta OIDC and AWS Cognito

AleksandarT · October 10, 2022, 3:02pm

Hello,
We are using Okta OIDC along with AWS Cognito.
If i test the Okta OIDC flow by itself (without Cognito), all works good - i have configured the access token to return the groups the user belongs to.

However, in Cognito, i have setup custom attribute groups, and i am trying to setup the OIDC attributes mapping for them to appear in the Cognito profile, but they are not appearing.

Any idea what am i missing?
Best Regards and Thanks a lot in advance!

andrea · October 10, 2022, 10:30pm

Where is Cognito expecting to receive these attributes from the IdP? From the ID Token? The Access Token? The Userinfo endpoint?

AleksandarT · October 11, 2022, 5:53am

Ideally we would want to have these attributes as part of the access token - but i am not sure if this is possible.
As a starting point i would want them to appear in the Users Profile, but they are not appearing.

andrea · October 13, 2022, 3:15pm

When Cognito requests tokens for the user, is it configured to use a Custom Authorization Server (e.g. issuer = https://oktadomain/oauth2/default/v1/authorize OR https://oktaDomain/oauth2/aus1234567890/v1/authorize) or is it using the Org Authorization Server (e.g. https://oktaDomain/oauth2/v1/authorize)?