https://github.com/poad/github-cognito-oidc-proxy
- Host: GitHub
- URL: https://github.com/poad/github-cognito-oidc-proxy
- Owner: poad
- License: mit
- Created: 2022-08-30T22:01:29.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2025-10-08T00:39:31.000Z (3 months ago)
- Last Synced: 2025-10-08T02:30:54.876Z (3 months ago)
- Topics: api-gateway, apigateway, aws, aws-cognito, awscognito, github, github-oauth2, openid-connect, openid-provider, openidconnect
- Language: TypeScript
- Homepage: https://d1czax7fq488gs.cloudfront.net/
- Size: 13.2 MB
- Stars: 1
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# GitHub OAuth 2.0 OpenID Connect Proxy for AWS Cognito
An API Gateway and Lambda function that act as a proxy in front of a GitHub OAuth application, so that AWS Cognito can use GitHub as an identity provider via OpenID Connect.
## How to use?
### Requirements
- Node.js 18+
- AWS CDK
- pnpm 8.7.4+
### Deploy AWS Resources
```sh
cd package
pnpm install
cdk deploy
```
#### Context parameters
| Key | Description | Required |
|:----|:------------|:---------|
| env | The CloudFormation stack to be built and the prefix name to be set for the AWS resources. | No |
### Configure the AWS Cognito user pool
Now that the API Gateway v1 (REST API) is built, register the GitHub OAuth application and the API Gateway endpoint under "Federated identity provider sign-in" in the Cognito user pool.
| Name | Description of the value to be set |
|:-----|:-----------------------------------|
| Client ID | The client ID of your GitHub OAuth 2.0 application. |
| Client secret | The client secret of your GitHub OAuth 2.0 application. |
| Authorized scopes | `openid read:user user:email` |
| Attribute request method | GET |
| Setup method | Auto fill through issuer URL |
| Issuer URL | The endpoint URL for the `default` stage of your API Gateway. |
#### Issuer URL
The stage name of the deployed API Gateway is `default`.
The value to set for the Issuer URL is as follows:
ID}~.execute-api.~{AWS Region}~.amazonaws.com/default
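
With "Auto fill through issuer URL", Cognito reads the authorization, token, userInfo and `jwks_uri` endpoints from the OpenID Connect discovery document at `<issuer URL>/.well-known/openid-configuration`. The following pre-flight check of that document is an added example, not code from this repository; the sample issuer, the endpoint paths and the `checkDiscovery` name are constructed for illustration.

```typescript
interface DiscoveryDoc {
  issuer?: string;
  authorization_endpoint?: string;
  token_endpoint?: string;
  userinfo_endpoint?: string;
  jwks_uri?: string;
}

// Issuer shape from this README: an execute-api host with the `default` stage.
const ISSUER_RE = /^https:\/\/[a-z0-9]+\.execute-api\.[a-z0-9-]+\.amazonaws\.com\/default$/;

// Constructed sample values; the API ID and endpoint paths are placeholders.
const SAMPLE_ISSUER = "https://abc123example.execute-api.us-east-1.amazonaws.com/default";
const SAMPLE_DOC: DiscoveryDoc = {
  issuer: SAMPLE_ISSUER,
  authorization_endpoint: SAMPLE_ISSUER + "/authorize",
  token_endpoint: SAMPLE_ISSUER + "/token",
  userinfo_endpoint: SAMPLE_ISSUER + "/userinfo",
  jwks_uri: SAMPLE_ISSUER + "/.well-known/jwks.json",
};

// Returns a list of problems; an empty list means the document is usable.
function checkDiscovery(issuerUrl: string, doc: DiscoveryDoc): string[] {
  const problems: string[] = [];
  if (!ISSUER_RE.test(issuerUrl)) {
    problems.push("issuer URL is not an https execute-api URL ending in /default");
  }
  // OIDC Discovery requires an exact match, so a trailing slash is a mismatch.
  if (doc.issuer !== issuerUrl) {
    problems.push("issuer mismatch: " + String(doc.issuer));
  }
  // The four endpoints Cognito takes from the document must exist and use TLS.
  const required = [
    "authorization_endpoint",
    "token_endpoint",
    "userinfo_endpoint",
    "jwks_uri",
  ] as const;
  for (const key of required) {
    const value = doc[key];
    if (!value) {
      problems.push(key + " missing");
    } else if (!/^https:\/\//.test(value)) {
      problems.push(key + " is not https");
    }
  }
  return problems;
}
```

Pass the parsed JSON of the discovery document as `doc` and the exact string entered in the Cognito console as `issuerUrl`.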
### Attributes Mapping