cloudformation.yml
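---
# CloudFormation template for the Cognito OIDC React example: one user pool,
# one app client, a hosted-UI domain, and GitHub federated in as an OIDC
# identity provider through a wrapper endpoint.
AWSTemplateFormatVersion: "2010-09-09"
Description: "Cognito OIDC React Example"
Resources:
  # User pool named after the stack; email is accepted as a sign-in alias.
  OIDCUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Ref AWS::StackName
      AliasAttributes:
        - email

  # App client limited to the authorization-code flow with the openid scope,
  # and to sign-in through the GitHub provider only.
  # GenerateSecret is not set, so this is a public client.
  # NOTE(review): confirm the React app uses PKCE on the code exchange.
  OIDCUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      UserPoolId: !Ref OIDCUserPool
      AllowedOAuthFlows:
        - code
      AllowedOAuthScopes:
        - openid
      AllowedOAuthFlowsUserPoolClient: true
      # Plain-http localhost redirects suit local development only; a deployed
      # client should list its exact https:// URLs here instead.
      CallbackURLs:
        - "http://localhost:3000"
      LogoutURLs:
        - "http://localhost:3000"
      SupportedIdentityProviders:
        - !Ref GitHubIdP

  # Hosted UI domain prefix, taken from the stack name.
  # NOTE(review): Cognito domain prefixes must be lowercase and unique in the
  # region, so a stack name with capitals or a taken prefix will fail here.
  OIDCHostedUIDomain:
    Type: AWS::Cognito::UserPoolDomain
    Properties:
      UserPoolId: !Ref OIDCUserPool
      Domain: !Ref AWS::StackName

  # GitHub federated in as a generic OIDC provider.
  GitHubIdP:
    Type: AWS::Cognito::UserPoolIdentityProvider
    Properties:
      UserPoolId: !Ref OIDCUserPool
      ProviderName: GitHub
      ProviderType: OIDC
      ProviderDetails:
        # https://github.com/TimothyJones/github-cognito-openid-wrapper
        # The issuer below is one fixed deployment of that wrapper; the pool
        # accepts whatever identities this endpoint asserts, so whoever
        # operates it is part of the trust boundary.
        # NOTE(review): point this at a wrapper deployment you control.
        oidc_issuer: "https://75jeux5dx9.execute-api.eu-west-1.amazonaws.com/prod"
        # NOTE(review): presumably the GitHub OAuth app's client id - confirm.
        # No client_secret is set in this template; if the provider needs one,
        # pass it through a NoEcho parameter or a Secrets Manager dynamic
        # reference rather than a literal in version control.
        client_id: "f5afd0fde246a399d1c0"
        attributes_request_method: GET
        authorize_scopes: "openid read:user user:email"
      # Maps provider claims onto user pool attributes; the pool username is
      # the provider's `sub` claim.
      AttributeMapping:
        email: email
        username: sub
        name: name
        picture: picture
        profile: profile
        updated_at: updated_at
        # Copied as asserted by the provider: anything that relies on a
        # verified email inherits the wrapper's claim.
        email_verified: email_verified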