
Commit 9d738d5

Add AWS Cognito configuration docs.
This took me way too long to figure out (and I had a reference to compare with). The key is to Single-page application (SPA), otherwise the settings may look almost identical but nothing works.

Signed-off-by: Gerd Zellweger <mail@gerdzellweger.com>
1 parent 2942914 commit 9d738d5

3 files changed

+77
-2
lines changed
Lines changed: 73 additions & 0 deletions
@@ -0,0 +1,73 @@
1+
# Authentication
2+
3+
This document describes how to configure authentication providers to work with **Feldera**.
4+
5+
## AWS Cognito
6+
7+
To configure AWS Cognito as an authentication provider, follow these steps:
8+
9+
10+
### Create a Cognito User Pool
11+
12+
In the AWS Console:
13+
14+
- Navigate to **Amazon Cognito** and create a new **User Pool**.
15+
- Choose any settings appropriate to your organization (e.g., required user attributes, password policies).
16+
17+
18+
### Create an App Client
19+
20+
Once the User Pool is created:
21+
22+
- Go to the **App clients** section and create a new app client.
23+
- **Select "Single-page application (SPA)"** as the app client type.
24+
- In the **Return URL** field, add: `https://<your-domain>/auth/callback/`
25+
26+
:::note
27+
28+
**Important:** The trailing slash (`/`) at the end of the URL **must be included**. AWS Cognito requires exact URL matching, and omitting the slash may result in redirect errors.
29+
30+
:::
31+
32+
### Configure OAuth 2.0 Settings
33+
34+
In the App Client's **Login Settings**:
35+
36+
- Add `https://<your-domain>/auth/callback/` to the **Callback URLs**.
37+
- Enable the following **OAuth 2.0 grant types**:
38+
- `Authorization code grant`
39+
- `Implicit grant`
40+
- Select the following **OpenID Connect scopes**:
41+
- `email`
42+
- `profile`
43+
- `openid`
44+
45+
### Set Up Domain and Branding
46+
47+
Go to the **App integration → Domain name** section and set up a custom domain or use the AWS-hosted one (e.g., `your-app.auth.us-west-1.amazoncognito.com`).
48+
49+
This domain will be used in your login and logout URLs.
50+
51+
### Configure Helm Chart (`values.yaml`)
52+
53+
In your Feldera Helm chart configuration (`values.yaml`), fill out the `auth` section with the information from the Cognito console:
54+
55+
```yaml
56+
auth:
57+
enabled: true
58+
provider: "aws-cognito"
59+
clientId: "<your-client-id>"
60+
issuer: "https://cognito-idp.<region>.amazonaws.com/<user-pool-id>"
61+
cognitoLoginUrl: "https://<your-domain>.auth.<region>.amazoncognito.com/login?client_id=<your-client-id>&response_type=code&scope=email+openid"
62+
cognitoLogoutUrl: "https://<your-domain>.auth.<region>.amazoncognito.com/logout?client_id=<your-client-id>"
63+
```
64+
65+
Replace all placeholders (`<your-client-id>`, `<region>`, `<user-pool-id>`, `<your-domain>`) with values from the AWS Cognito console.
66+
67+
| Placeholder | Description |
68+
| ------------------ | ---------------------------------------------------------------------------------- |
69+
| `<your-client-id>` | Found under **App client information** in your Cognito User Pool. |
70+
| `<user-pool-id>` | Found in the User Pool's main page. |
71+
| `<region>` | The AWS region of your User Pool (e.g., `us-west-1`). |
72+
| `<your-domain>` | Your Cognito domain, under **Branding → Domain name**. |
73+
| `issuer` | Has the form of `https://cognito-idp.<region>.amazonaws.com/<user-pool-id>`. |
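
Review bot: The OAuth 2.0 settings step (new lines 37-39) asks the reader to enable `Implicit grant` alongside `Authorization code grant`, but the `cognitoLoginUrl` in the `values.yaml` example (new line 61) only requests `response_type=code`, so this configuration never uses the implicit flow. Leaving it enabled lets the app client return tokens in the redirect URL fragment, which current OAuth guidance for browser apps advises against; suggest dropping `Implicit grant` from the list unless something else depends on it. Smaller points: the scopes list selects `profile` while the login URL requests `scope=email+openid` only, so one of the two should change; the callback URL is entered twice (**Return URL** at line 24 and **Callback URLs** at line 36) without saying whether these are the same field; and the last row of the placeholder table describes `issuer`, which is a key in the YAML rather than a placeholder, so it would read better as a sentence under the table.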

docs.feldera.com/docs/get-started/enterprise/index.md

Lines changed: 1 addition & 0 deletions
@@ -28,3 +28,4 @@ our [free online sandbox](https://try.feldera.com).
2828
1. [**Quickstart**](quickstart.md)
2929
2. [**Helm guide**](helm-guide.md)
3030
3. [**Kubernetes guides**](kubernetes-guides)
31+
3. [**Authentication**](authentication)
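
Review bot: The added list item at new line 31 reuses the number `3.`, which the Kubernetes guides entry on line 30 already has; make it `4.` so the source matches the rendered order. The link target `authentication` also has no `.md` extension, unlike `quickstart.md` and `helm-guide.md` above; if it points at the new file rather than a directory, `authentication.md` would be consistent.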

docs.feldera.com/docs/sidebars.js

Lines changed: 3 additions & 2 deletions
@@ -54,9 +54,10 @@ const installation = {
5454
'get-started/enterprise/kubernetes-guides/eks/cluster',
5555
'get-started/enterprise/kubernetes-guides/eks/ingress'
5656
]
57-
}
57+
},
5858
]
59-
}
59+
},
60+
'get-started/enterprise/authentication',
6061
]
6162
}
6263
]
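
Review bot: The comma added after `}` at line 57 sits directly before a closing `]` and is not needed to add the new entry; only the comma at line 59 is. Consider dropping the line 57 change to keep the diff minimal, or state that trailing commas are the intended style, since the `'get-started/enterprise/kubernetes-guides/eks/ingress'` entry on line 55 still has none.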
