Amazon Cognito Adds Industry Standard Support with OpenID Connect

We are excited to announce that we’re enhancing Amazon Cognito to support OpenID Connect (OIDC), an open standard for identity authentication. You can now utilize Amazon Cognito to generate unique identifiers and receive temporary AWS credentials with any OIDC-compatible provider. This new feature greatly expands the universe of identity providers you can leverage with Amazon Cognito to securely access your AWS resources. Support for OIDC identity providers, alongside developer authenticated identities, makes it easier to follow security best practices at AWS.

You can integrate an OIDC-compatible provider without any backend infrastructure, or code. From the IAM console, you can create a new OIDC provider. Once that’s created, you can simply select the provider when you create an identity pool through the Amazon Cognito console.

This AWS Security blog post demonstrates how to set up authentication using Salesforce and Amazon Cognito.