
Amazon Cognito

Configure Amazon Cognito as a delegated OAuth provider for protected drio tools.

Use Amazon Cognito when your users already authenticate through a Cognito user pool and your drio app needs to call protected systems as that user.

What You Need From AWS

  • a Cognito user pool domain
  • an app client ID
  • an app client secret, if your app client requires one
  • allowed OAuth scopes
  • the drio callback URL

Find Your Cognito Domain

In AWS, open:

Amazon Cognito -> User pools -> your user pool -> App integration -> Domain

Use either the Cognito prefix domain:

https://your-prefix.auth.us-east-1.amazoncognito.com

or your Cognito custom domain:

https://auth.example.com

AWS documents both options in Configuring a user pool domain.

Configure The drio Preset

In drio, create an Amazon Cognito OAuth auth config and replace the placeholder domain values.

| drio Field | Cognito Value |
| --- | --- |
| Authorization endpoint | https://YOUR_DOMAIN/oauth2/authorize |
| Token endpoint | https://YOUR_DOMAIN/oauth2/token |
| Client ID | Cognito app client ID |
| Client secret | Cognito app client secret, if required |
| Scopes | openid, profile, email |

AWS documents the Hosted UI authorization endpoint in Authorization endpoint and the token exchange in Token endpoint.

Configure The App Client In AWS

In AWS, open:

Amazon Cognito -> User pools -> your user pool -> App integration -> App clients -> your app client

Confirm the app client:

  • allows the authorization code flow
  • allows the scopes you entered in drio
  • includes the drio callback URL in the allowed callback URLs
  • uses a client secret only if your drio auth config includes that secret

AWS covers the managed login and app-client setup in User pool managed login.

Test Sign-In

After saving both sides, test the protected tool from drio. If Cognito rejects the flow, check these values first:

  • the callback URL in AWS exactly matches the drio callback URL
  • the Cognito domain does not include a trailing slash in drio
  • the scopes in drio are enabled for the app client
  • the client secret setting matches the app client's configuration
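
The checks above can be run before the first sign-in attempt. The script below is an added example, not drio's own code: the drio field names, the `drio.example` callback URL and all sample values are assumptions, and `client` is the `UserPoolClient` object returned by `aws cognito-idp describe-user-pool-client`.

```python
from urllib.parse import urlsplit

def preflight(drio, client):
    """Return the mismatches between a drio auth config and a Cognito app client."""
    problems = []
    for field, path in (("authorization_endpoint", "/oauth2/authorize"),
                        ("token_endpoint", "/oauth2/token")):
        url = urlsplit(drio[field])
        # A domain entered with a trailing slash yields "//oauth2/..." here.
        if url.scheme != "https" or not url.netloc or url.path != path:
            problems.append(f"{field} should be https://YOUR_DOMAIN{path}")
    if drio["client_id"] != client.get("ClientId"):
        problems.append("client ID does not match the app client")
    # Exact string comparison: a trailing slash alone is a mismatch.
    if drio["callback_url"] not in client.get("CallbackURLs", []):
        problems.append("callback URL is not in the allowed callback URLs")
    if "code" not in client.get("AllowedOAuthFlows", []):
        problems.append("authorization code flow is not allowed")
    missing = sorted(set(drio["scopes"]) - set(client.get("AllowedOAuthScopes", [])))
    if missing:
        problems.append("scopes not enabled for the app client: " + ", ".join(missing))
    # Assumption: ClientSecret is present in the response only if the client has one.
    if bool(drio.get("client_secret")) != bool(client.get("ClientSecret")):
        problems.append("client secret setting does not match the app client")
    return problems

# Constructed sample of a UserPoolClient object (placeholder values).
SAMPLE_CLIENT = {
    "ClientId": "EXAMPLE_CLIENT_ID",
    "ClientSecret": "EXAMPLE_SECRET",
    "AllowedOAuthFlows": ["code"],
    "AllowedOAuthScopes": ["openid", "email"],
    "CallbackURLs": ["https://drio.example/callback"],
}
# Constructed drio config; the key names are hypothetical, not drio's schema.
SAMPLE_DRIO = {
    "authorization_endpoint": "https://auth.example.com//oauth2/authorize",
    "token_endpoint": "https://auth.example.com/oauth2/token",
    "client_id": "EXAMPLE_CLIENT_ID",
    "client_secret": "",
    "scopes": ["openid", "profile", "email"],
    "callback_url": "https://drio.example/callback/",
}

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE_DRIO, SAMPLE_CLIENT)))
```

On the constructed sample it reports four problems: the doubled slash in the authorization endpoint, the trailing slash on the callback URL, the `profile` scope that the app client does not allow, and the missing client secret.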