Fix #5204: Support AWS Cognito SSO for user authentication (#5205)

2025-12-29 08:29:09 +00:00 · 2022-05-28 18:27:24 -07:00 · 2022-05-28 18:27:24 -07:00 · 256e192d7a
commit 256e192d7a
parent 994a83bb95
9 changed files with 52 additions and 9 deletions
--- a/openmetadata-ui/src/main/resources/ui/src/assets/img/icon-aws-cognito.png
+++ b/openmetadata-ui/src/main/resources/ui/src/assets/img/icon-aws-cognito.png
--- a/openmetadata-ui/src/main/resources/ui/src/authentication/auth-provider/AuthProvider.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/authentication/auth-provider/AuthProvider.tsx
@ -203,7 +203,9 @@ export const AuthProvider = ({
      .then((res: AxiosResponse) => {
        if (res.data) {
          const updatedUserData = getUserDataFromOidc(res.data, user);
-          if (!matchUserDetails(res.data, updatedUserData, ['profile'])) {
+          if (
+            !matchUserDetails(res.data, updatedUserData, ['profile', 'email'])
+          ) {
            getUpdatedUser(updatedUserData, res.data);
          } else {
            appState.updateUserDetails(res.data);
@ -416,7 +418,8 @@ export const AuthProvider = ({
        );
      }
      case AuthTypes.GOOGLE:
-      case AuthTypes.CUSTOM_OIDC: {
+      case AuthTypes.CUSTOM_OIDC:
+      case AuthTypes.AWS_COGNITO: {
        return authConfig ? (
          <OidcAuthenticator
            childComponentType={childComponentType}
--- a/openmetadata-ui/src/main/resources/ui/src/enums/signin.enum.ts
+++ b/openmetadata-ui/src/main/resources/ui/src/enums/signin.enum.ts
@ -18,4 +18,5 @@ export enum AuthTypes {
  AUTH0 = 'auth0',
  AZURE = 'azure',
  CUSTOM_OIDC = 'custom-oidc',
+  AWS_COGNITO = 'aws-cognito',
 }
--- a/openmetadata-ui/src/main/resources/ui/src/pages/login/index.test.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/pages/login/index.test.tsx
@ -74,6 +74,7 @@ describe('Test SigninPage Component', () => {
    ['auth0', 'Sign in with auth0'],
    ['azure', 'Sign in with azure'],
    ['custom-oidc', 'Sign in with sso'],
+    ['aws-cognito', 'Sign in with aws cognito'],
    ['unknown-provider', 'SSO Provider unknown-provider is not supported'],
  ])(
    'Sign in button should render correctly for %s',
--- a/openmetadata-ui/src/main/resources/ui/src/pages/login/index.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/pages/login/index.tsx
@ -80,6 +80,12 @@ const SigninPage = () => {

        break;
      }
+      case AuthTypes.AWS_COGNITO: {
+        ssoBrandLogo = Icons.COGNITO_ICON;
+        ssoBrandName = 'AWS Cognito';
+
+        break;
+      }
      case AuthTypes.AZURE: {
        ssoBrandLogo = Icons.AZURE_ICON;
        ssoBrandName = 'Azure';
--- a/openmetadata-ui/src/main/resources/ui/src/router/AppRouter.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/router/AppRouter.tsx
@ -32,13 +32,19 @@ const AppRouter = () => {
    getCallBackComponent,
  } = useAuthContext();
  const callbackComponent = getCallBackComponent();
+  const oidcProviders = [
+    AuthTypes.GOOGLE,
+    AuthTypes.AWS_COGNITO,
+    AuthTypes.CUSTOM_OIDC,
+  ];
+  const isOidcProvider =
+    authConfig?.provider && oidcProviders.includes(authConfig.provider);

  return loading ? (
    <Loader />
  ) : (
    <>
-      {authConfig?.provider === AuthTypes.GOOGLE ||
-      authConfig?.provider === AuthTypes.CUSTOM_OIDC ? (
+      {isOidcProvider ? (
        <AuthenticatedAppRouter />
      ) : (
        <>
--- a/openmetadata-ui/src/main/resources/ui/src/utils/AuthProvider.util.ts
+++ b/openmetadata-ui/src/main/resources/ui/src/utils/AuthProvider.util.ts
@ -42,7 +42,7 @@ export const getRedirectUri = (callbackUrl: string) => {
 export const getUserManagerConfig = (
  authClient: Record<string, string> = {}
 ): Record<string, string | boolean | WebStorageStateStore> => {
-  const { authority, clientId, callbackUrl } = authClient;
+  const { authority, clientId, callbackUrl, responseType, scope } = authClient;

  return {
    authority,
@ -50,10 +50,10 @@ export const getUserManagerConfig = (
    // eslint-disable-next-line @typescript-eslint/camelcase
    client_id: clientId,
    // eslint-disable-next-line @typescript-eslint/camelcase
-    response_type: 'id_token',
+    response_type: responseType,
    // eslint-disable-next-line @typescript-eslint/camelcase
    redirect_uri: getRedirectUri(callbackUrl),
-    scope: 'openid email profile',
+    scope,
    userStore: new WebStorageStateStore({ store: localStorage }),
  };
 };
@ -87,6 +87,8 @@ export const getAuthConfig = (
          callbackUrl: redirectUri,
          provider,
          providerName,
+          scope: 'openid email profile',
+          responseType: 'id_token',
        };
      }

@ -98,6 +100,21 @@ export const getAuthConfig = (
          clientId,
          callbackUrl: redirectUri,
          provider,
+          scope: 'openid email profile',
+          responseType: 'id_token',
+        };
+      }
+
+      break;
+    case AuthTypes.AWS_COGNITO:
+      {
+        config = {
+          authority,
+          clientId,
+          callbackUrl: redirectUri,
+          provider,
+          scope: 'openid email profile',
+          responseType: 'code',
        };
      }

--- a/openmetadata-ui/src/main/resources/ui/src/utils/SvgUtils.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/utils/SvgUtils.tsx
@ -13,6 +13,7 @@

 import React, { FunctionComponent } from 'react';
 import IconAuth0 from '../assets/img/icon-auth0.png';
+import IconCognito from '../assets/img/icon-aws-cognito.png';
 import IconAzure from '../assets/img/icon-azure.png';
 import IconGithub from '../assets/img/icon-github.png';
 import IconGoogle from '../assets/img/icon-google.png';
@ -156,6 +157,7 @@ export const Icons = {
  AZURE_ICON: 'azure-icon',
  GOOGLE_ICON: 'google-icon',
  OKTA_ICON: 'okta-icon',
+  COGNITO_ICON: 'cognito-icon',
  GITHUB_ICON: 'github-icon',
  AUTH0_ICON: 'auth0-icon',
  EDIT: 'icon-edit',
@ -354,6 +356,10 @@ const SVGIcons: FunctionComponent<Props> = ({
    case Icons.OKTA_ICON:
      IconComponent = IconOkta;

+      break;
+    case Icons.COGNITO_ICON:
+      IconComponent = IconCognito;
+
      break;
    case Icons.GITHUB_ICON:
      IconComponent = IconGithub;
--- a/openmetadata-ui/src/main/resources/ui/src/utils/UserDataUtils.ts
+++ b/openmetadata-ui/src/main/resources/ui/src/utils/UserDataUtils.ts
@ -12,7 +12,7 @@
 */

 import { AxiosError, AxiosResponse } from 'axios';
-import { isEmpty, isEqual, isUndefined } from 'lodash';
+import { isEqual, isUndefined } from 'lodash';
 import { SearchedUsersAndTeams, SearchResponse } from 'Models';
 import AppState from '../AppState';
 import { OidcUser } from '../authentication/auth-provider/AuthProvider.interface';
@ -64,11 +64,14 @@ export const getUserDataFromOidc = (
  const images = oidcUser.profile.picture
    ? getImages(oidcUser.profile.picture)
    : undefined;
+  const profileEmail = oidcUser.profile.email;
+  const email = profileEmail ? profileEmail : userData.email;

  return {
    ...userData,
+    email,
    displayName: oidcUser.profile.name,
-    profile: !isEmpty(images) ? { images } : userData.profile,
+    profile: images ? { images } : userData.profile,
  };
 };