AWS Cognito provider setup for Users & Permissions
This page explains how to set up the AWS Cognito provider for the Users & Permissions feature.
Prerequisites
You have read the Users & Permissions providers documentation.
AWS Cognito configuration
Note
AWS Cognito accepts localhost URLs, so the use of ngrok is not needed.
- Visit the AWS Management Console 
 https://aws.amazon.com/console/
- If needed, select your Region in the top right corner next to the Support dropdown
- Select the Services dropdown in the top left corner
- Click on Cognito in the Security, Identity & Compliance section
- Then click on the Manage User Pools button
- If applicable, either create a user pool or use an existing one. A tutorial for creating a User Pool is available here:
 https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-create-user-pool.html
- Go to the App clients section in your Cognito user pool, create a new client with the name Strapi Auth, set all the parameters, and then click on Create app client
- You should now have an App client id, and by clicking on the Show Details button you will be able to see the App client secret. Copy both values (App client id and App client secret) somewhere for later use when configuring the AWS Cognito provider in Strapi.
- Go to the App integration section and click on App client settings
- Look for your app client named Strapi Auth and enable Cognito User Pool by checking it in the Enabled Identity Providers section of your newly created App client
- Fill in your callback URL and Sign out URL with the value http://localhost:1337/api/connect/cognito/callback or the one provided by your AWS Cognito provider in Strapi
- In the OAuth 2.0 section, select Authorization code grant and Implicit grant for the Allowed OAuth Flows, and select email, openid and profile for the Allowed OAuth Scopes
- You can now click on Save changes. If you have already configured your domain name, you should see a link to Launch Hosted UI; click on it to display the AWS Cognito login page. If you haven't yet configured your domain name, use the Choose domain name link at the bottom right of the page to configure it. On that page you will find an Amazon Cognito Domain section where a Domain prefix is already set up. Type a domain prefix to use for the sign-up and sign-in pages that are hosted by Amazon Cognito. This domain prefix, together with .auth.YOUR_REGION.amazoncognito.com, will be the Host URI (Subdomain) value for your Strapi configuration later on.
Strapi configuration
- Visit the Users & Permissions provider settings page at http://localhost:1337/admin/settings/users-permissions/providers
- Click on the Cognito provider
- Fill the information (replace with your own client ID and secret):
  - Enable: ON
  - Client ID: fill in the App client id (5bd7a786qdupjmi0b3s10vegdt)
  - Client Secret: fill in the App client secret (19c5c78dsfsdfssfsdfhpdb4nkpb145vesdfdsfsffgh7vwd6g45jlipbpb)
  - Host URI (Subdomain): fill in the URL value that you copied earlier (myapp67b50345-67b50b17-local.auth.eu-central-1.amazoncognito.com)
  - The redirect URL to your front-end app: if you are using Strapi react-login https://github.com/strapi/strapi-examples/tree/master/examples/login-react/ use http://localhost:3000/connect/cognito/redirect but if you do not yet have a front-end app to test your Cognito configuration you can then use the following URL http://localhost:1337/api/auth/cognito/callback
 
Your configuration is done.
Launch the backend and the React login example application, go to http://localhost:3000 and try to connect to the provider you configured.
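Before testing the login, the values copied from the AWS console can be sanity-checked with a short script. The following is an added example, not part of Strapi or its documentation: the function names, field names and sample values are hypothetical, and it assumes the Amazon Cognito prefix domain described above (not a custom domain) and that plain HTTP callback URLs are acceptable only for localhost.

```javascript
// Added example: pre-flight check for the values typed into Strapi's Cognito provider form.
// Function and field names are hypothetical; sample values are constructed.

// Amazon Cognito domain as described above: <prefix>.auth.<region>.amazoncognito.com
const HOST_RE =
  /^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.auth\.[a-z]{2}(?:-[a-z]+)+-\d\.amazoncognito\.com$/;

function checkCognitoProvider({ clientId, clientSecret, hostUri, callbackUrl }) {
  const problems = [];
  if (!clientId || /\s/.test(clientId)) problems.push('client id empty or contains whitespace');
  if (!clientSecret || /\s/.test(clientSecret)) problems.push('client secret empty or contains whitespace');
  // The Host URI field takes a bare hostname: no scheme, port or path.
  if (!HOST_RE.test(hostUri || '')) problems.push('host URI is not a bare Cognito domain');
  let cb = null;
  try {
    cb = new URL(callbackUrl);
  } catch {
    problems.push('callback URL does not parse');
  }
  if (cb) {
    // Plain HTTP is only acceptable for localhost; anything else needs HTTPS.
    const localHttp = cb.protocol === 'http:' && cb.hostname === 'localhost';
    if (cb.protocol !== 'https:' && !localHttp) problems.push('callback URL must use https');
    if (cb.hash) problems.push('callback URL must not carry a fragment');
  }
  return problems;
}

// Authorization-code request against the pool's /oauth2/authorize endpoint,
// with the three scopes enabled in the app client settings.
function authorizeUrl({ clientId, hostUri, callbackUrl }) {
  const query = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: callbackUrl,
    scope: 'email openid profile',
  });
  return `https://${hostUri}/oauth2/authorize?${query}`;
}

const sample = { // constructed values
  clientId: 'EXAMPLE_CLIENT_ID',
  clientSecret: 'EXAMPLE_CLIENT_SECRET',
  hostUri: 'myapp-local.auth.eu-central-1.amazoncognito.com',
  callbackUrl: 'http://localhost:1337/api/connect/cognito/callback',
};
const problems = checkCognitoProvider(sample);
console.log(problems.length ? problems.join('\n') : authorizeUrl(sample));
```

An empty result means the values have the expected shape; it does not confirm that the callback URL is registered on the app client, which only a real sign-in attempt will show.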