CLI application that handles federated authentication for AWS users

Prerequisites:

- An OIDC provider like Auth0
- A well-known `openid-configuration` URL (the OpenID Connect discovery document for that provider)
- An Auth0 application created
  - Type: Native
  - Allowed Callback URLs: a list of the localhost URLs built from the `POSSIBLE_PORTS` list of ports (the CLI listens on one of these ports for the redirect, so every candidate URL must be registered or Auth0 will reject the callback)
  - The `client_id` for this application will be used in the CLI config file
- An AWS identity provider
  - with an audience value of the Auth0 application `client_id` (this is what the role's trust policy checks via the `<provider>:aud` condition key)
  - with a valid thumbprint (the SHA-1 thumbprint of the certificate chain AWS sees when it fetches the provider's keys)
Configuration: copy the template and fill in the values below.

- `cp config.yaml.inc config.yaml`
- `well_known_url`: the OpenID Connect Discovery Endpoint URL (Auth0)
- `client_id`: the Auth0 `client_id` generated when the Auth0 application was created in the prerequisites
- `scope`: a space-delimited list of OpenID Connect scopes, for example `openid` plus the scope under which access control information (group membership) is made available. Mozilla SSO would use `openid https://sso.mozilla.com/claim/groups`

Usage:

`python federated_boto/cli.py --role-arn arn:aws:iam::123456789012:role/example-role`
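The pieces the prerequisites and config above rely on, as an added worked example (this is not federated_boto's own code): a PKCE pair for the native app, picking a callback port from `POSSIBLE_PORTS` so the redirect URI is one that was registered, the authorization request, the `iss`/`aud`/`exp` checks an `id_token` must pass before it is handed to AWS, and the IAM trust policy that enforces the audience on the AWS side. The discovery document, the tenant `example.auth0.com`, the `client_id`, the port list and the account id are all constructed placeholders; the exact form of the `<provider>:aud` condition key is assumed to be the provider URL with the scheme stripped, as registered on the AWS identity provider.

```python
import base64
import hashlib
import secrets
import socket
import time
from urllib.parse import urlencode

# Constructed stand-in for the JSON served at well_known_url
# (assumption: an Auth0 tenant called "example"; real tenants differ).
DISCOVERY = {
    "issuer": "https://example.auth0.com/",
    "authorization_endpoint": "https://example.auth0.com/authorize",
    "token_endpoint": "https://example.auth0.com/oauth/token",
    "jwks_uri": "https://example.auth0.com/.well-known/jwks.json",
}
CLIENT_ID = "abc123exampleclientid"            # hypothetical Auth0 client_id
POSSIBLE_PORTS = [10800, 10801, 10802, 10803]  # must match Allowed Callback URLs
AWS_ACCOUNT_ID = "123456789012"                # example account from the usage line


def make_pkce_pair():
    """Return (code_verifier, S256 code_challenge) for the native client."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def choose_callback_port(possible_ports):
    """Bind the first free loopback port from possible_ports and return (port, socket).

    Any port outside this list would yield a redirect_uri that is not an
    Allowed Callback URL, so Auth0 would refuse to redirect there.
    """
    for port in possible_ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind(("127.0.0.1", port))
            return port, sock  # caller keeps the socket to receive the redirect
        except OSError:
            sock.close()
    raise RuntimeError("no port from POSSIBLE_PORTS is free")


def build_authorize_url(discovery, client_id, port, scope, state, code_challenge):
    """Authorization code request; redirect_uri is the localhost URL registered for this port."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": f"http://localhost:{port}/",
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return discovery["authorization_endpoint"] + "?" + urlencode(params)


def validate_id_token_claims(claims, discovery, client_id, now=None):
    """Return a list of problems with the id_token claims; empty means acceptable.

    Signature verification against jwks_uri is assumed to have happened
    already; this covers the claim checks (iss, aud, azp, exp).
    """
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != discovery["issuer"]:
        problems.append("iss mismatch")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if client_id not in auds:
        problems.append("aud does not contain our client_id")
    if len(auds) > 1 and claims.get("azp") != client_id:
        problems.append("multiple audiences but azp is not our client_id")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def build_trust_policy(discovery, client_id, account_id):
    """IAM role trust policy that only accepts tokens issued to this client_id.

    Assumption: the provider name in the ARN and the condition key are the
    issuer URL without its scheme, exactly as registered on the AWS identity
    provider (for Auth0 that includes the trailing slash).
    """
    provider = discovery["issuer"].split("://", 1)[1]
    provider_arn = f"arn:aws:iam::{account_id}:oidc-provider/{provider}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {f"{provider}:aud": client_id}},
        }],
    }


def assume_role_with_id_token(role_arn, id_token, session_name="federated-cli"):
    """Exchange a validated id_token for temporary AWS credentials (network call)."""
    import boto3  # imported here so the rest of the example runs without boto3
    sts = boto3.client("sts")
    resp = sts.assume_role_with_web_identity(
        RoleArn=role_arn, RoleSessionName=session_name, WebIdentityToken=id_token)
    return resp["Credentials"]
```

The order matters: the `state` and PKCE verifier are generated before the browser is opened, the port is bound before the authorization URL is built (so the `redirect_uri` in the request is the one actually being listened on), and the claim checks run on the `id_token` before it is passed to `sts:AssumeRoleWithWebIdentity`. The trust policy is the AWS-side half of the same audience check: a token minted for a different Auth0 application, even from the same tenant, fails the `StringEquals` condition.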
# https://community.auth0.com/t/custom-claims-without-namespace/10999
# https://community.auth0.com/t/how-to-set-audience-for-aws-iam-identity-provider-configuration/12951