I have set up my Okta application to use OpenID to communicate with AWS Cognito Federated Identities. I am able to authenticate with Okta and get an idToken and accessToken.
Where my problem lies is that AWS needs a login URL for mapping when assigning credentials to a user. Here are other OpenID providers and their login URLs.
```javascript
// optional tokens, used for authenticated login
// See the Logins param for AWS.CognitoIdentity.getID (linked below)
Logins: {
  'graph.facebook.com': 'FBTOKEN',
  'www.amazon.com': 'AMAZONTOKEN',
  'accounts.google.com': 'GOOGLETOKEN',
  'api.twitter.com': 'TWITTERTOKEN',
  'www.digits.com': 'DIGITSTOKEN'
}
```
Is it possible to configure trusts between OIDC Identity Providers (IdPs)? So, say you have an OIDC token from an external IdP X. With Cognito Federated Identities, can one add IdP X as a trusted IdP, and thus trust tokens that have been issued by IdP X?
Will I be forced to use SAML?