Hi everybody
We have a brand new Moodle 3.9.1 installation hosted in AWS EC2. The installation works fine with the default values; currently we are trying to allow our current users stored in AWS Cognito to log in to the site.
What we have done so far is enable the OAuth2 authentication plugin and configure Cognito as a custom OAuth provider. These are the values that we are using in the server configuration:
For Service base URL we entered: https://<cognito_app>.auth.us-east-1.amazoncognito.com
We also entered the mandatory endpoints following the OAuth plugin documentation (https://docs.moodle.org/39/en/OAuth_2_services#Issuer_Configuration).
And finally we mapped the Cognito email field to the Moodle email field:
After setting these values the OAuth provider appears on the login screen; when clicked, it correctly forwards the user to the Cognito OAuth portal:
After logging in to that portal we are redirected back to Moodle, but then the following message appears:
And the user is still not logged in to Moodle.
But the weird thing is that when you click login again and use the Cognito OAuth provider, the authentication portal is skipped and the user is now logged in to Moodle.
The account works fine after the login and can use Moodle normally, but if you log out and want to log in as a different user, the Cognito OAuth portal is also skipped and the same user logs in. (I think this is because Moodle doesn't know how to tell Cognito to log out the user.)
Has anybody successfully configured Cognito as a login provider using OAuth? Or should I try using SAML instead?
Thank you so much in advance, any help will be appreciated.