Okta OIDC and AWS Cognito

AleksandarT · October 10, 2022, 3:02pm

Hello,
We are using Okta OIDC along with AWS Cognito.
If i test the Okta OIDC flow by itself (without Cognito), all works good - i have configured the access token to return the groups the user belongs to.

However, in Cognito, i have setup custom attribute groups, and i am trying to setup the OIDC attributes mapping for them to appear in the Cognito profile, but they are not appearing.

Any idea what am i missing?
Best Regards and Thanks a lot in advance!

andrea · October 10, 2022, 10:30pm

Where is Cognito expecting to receive these attributes from the IdP? From the ID Token? The Access Token? The Userinfo endpoint?

AleksandarT · October 11, 2022, 5:53am

Ideally we would want to have these attributes as part of the access token - but i am not sure if this is possible.
As a starting point i would want them to appear in the Users Profile, but they are not appearing.

andrea · October 13, 2022, 3:15pm

When Cognito requests tokens for the user, is it configured to use a Custom Authorization Server (e.g. issuer = https://oktadomain/oauth2/default/v1/authorize OR https://oktaDomain/oauth2/aus1234567890/v1/authorize) or is it using the Org Authorization Server (e.g. https://oktaDomain/oauth2/v1/authorize)?

Post		Replies	Views
Okta SAML attributes, Cognito and acces tokens SAML	3	2932	February 12, 2024
How to share groups between Okta and Cognito? OAuth/OIDC	2	1435	March 13, 2024
OIDC Mapping from Okta to Cognito OAuth/OIDC	1	3816	February 12, 2024
Okta for custom API's and JWT tokens OAuth/OIDC	3	4338	February 8, 2024
OpenId and AWS Cognito Federation Identity Questions	4	6546	January 26, 2024

Okta OIDC and AWS Cognito

Related topics