Search code examples
angularamazon-cognitofederated-identity

AWS Cognito - Federation Identity Provider login page directly (without cognito login page)

I am using AWS Cognito User pool with Office 365 (azure AD) & Google federation identity providers configured. When I integrated my user pool with my angular application for the user authentication, I am seeing a cognito login page where I can sign in with user pool account/office 365/google. Is there any way if I pass the identity provider name as Office 365, I can directly login with my office 365 (i.e. redirecting to micronsoft login page directly without this intermediate page)?

Below is the screenshot

Solution

  • The least painful way is to right click the button and inspect element. There is an onclick action on the button that takes you to IdP.

    Navigating directly to the URL contained within takes you immediately to the IdP rather than needing to go to the Cognito Hosted UI first.

    This is effectively the same thing explained in the official Cognito documentation for the AUTHORIZATION endpoint, only it's already done for you. This works for any IdP/social provider, not just Azure AD.

    Developer Console

    Example

    Suppose after inspecting element you have...

    window.location.href='/oauth2/authorize?identity_provider=Facebook&redirect_uri=https://network.exampleloadbalancer.net/oauth2/idpresponse&response_type=CODE&client_id=6chta8di2d737altiugnidsoq9&state=AKRbmsZduQIQJpVGKo2wehrioXltqL12CYZMYotDjLKcSwWWQr+DSf8wmQ15ZHpSfA+ec7H4SQqsgmMyFcz9w/cp2fsQdnzC\/NbKnKJy+wxQlgHLItPHtOHbn9pocoNVV3iDr63g07BFVaqGjfC\/u4Be\/2krgtjtNQChhFSVk5tQ3mouleSSGHEZ+6bdfmb\/VkMdUPwVzKcSO2uFSg==&scope=openid'

    and your Cognito domain is https://exampleloadbalancer.auth.us-east-1.amazoncognito.com,

    1. First, remove any \ characters. (Yours may have none already)
    2. Simply just join the URL parts together and link your users the resulting URL.

    Finished Result:

    https://exampleloadbalancer.auth.us-east-1.amazoncognito.com/oauth2/authorize?identity_provider=Facebook&redirect_uri=https://network.exampleloadbalancer.net/oauth2/idpresponse&response_type=CODE&client_id=6chta8di2d737altiugnidsoq9&state=AKRbmsZduQIQJpVGKo2wehrioXltqL12CYZMYotDjLKcSwWWQr+DSf8wmQ15ZHpSfA+ec7H4SQqsgmMyFcz9w/cp2fsQdnzC/NbKnKJy+wxQlgHLItPHtOHbn9pocoNVV3iDr63g07BFVaqGjfC/u4Be/2krgtjtNQChhFSVk5tQ3mouleSSGHEZ+6bdfmb/VkMdUPwVzKcSO2uFSg==&scope=openid