Skip to main content

How to Authenticate Odoo with AWS Cognito, OpenID & GitHub

How to Authenticate Odoo with AWS Cognito, OpenID & GitHub 


This guide covers the full setup to transform Odoo into a secure JWT-powered portal.
 

Step 1: AWS Cognito Setup (The Identity Provider)

Before touching Odoo, you must configure your User Pool.

  1. Create a User Pool: Set your sign-in attributes (Email/Username).
  2. Create an App Client:
    • Crucial: Check "Generate client secret" (required for Authorization Code Grant).
  3. Managed Login Settings:
    • Callback URL: http://localhost:8069/auth_oauth/signin (or your ngrok/domain).
    • OAuth Flows: Select Authorization code grant.
    • Scopes: Select openid, email, and profile.
  4. Note your credentials: You need the Client ID, Client Secret, and User Pool ID.
 

Step 2: Install Required OCA Modules

Standard Odoo OAuth is limited. For Cognito/OpenID, you need the OCA Server-Auth suite.

  1. Download the OCA Repository: Clone https://github.com.
  2. Add to Addons Path: Include the server-auth folder in your odoo.conf.
  3. Install the following modules:
    • auth_oauth (Standard Odoo)
    • auth_oidc (OCA - This handles the OpenID Connect logic we used)
    • auth_signup (To allow user creation)

 

Step 3: Configure the Odoo OAuth Provider

Navigate to Settings > Users & Companies > OAuth Providers and create a new provider.

FieldValue Template
Provider NameAWS Cognito
Auth FlowAuthorization Code Grant
Client IDYour_Cognito_Client_ID
Client SecretYour_Cognito_Client_Secret
Token Mapemail:email, name:name (Important for auth_oidc module)
Authorization URLhttps://[your-domain].auth.[region]://
UserInfo URLhttps://[your-domain].auth.[region]://
Token URLhttps://[your-domain].auth.[region]://
JWKS URLhttps://cognito-idp.[region]://[pool_id]/.well-known/jwks.json

 

 

 

Comments

Post a Comment

Popular posts from this blog

Use CS50 library in my local machine offline to run codes in C language

M ake your PC ready to run codes in C language How to use CS50 library in your local machine offline Here are three videos presented by someone, they will guide you to make your PC ready to run C files. How to Download and Install Visual Studio Code ( VS Code ) on Windows 10 How to Download and Install C Cpp Toolset ( gcc g++ gdb ) in Windows 10 using mingw-w64 and msys2 How to Set up Visual Studio Code for C and C++ Programming After watching the above videos and following the steps in them, you can apply the following steps in order to use CS50 library for implementing codes written in C language in your local machine offline. Download the zip file from Github Release,  https://github.com/cs50/libcs50/releases Unzip it, locate to libcs50/src/, you can get cs50.h and cs50.c Copy cs50.h and cs50.c in the Workspace Create and save a C file which uses cs50 libraries in the Workspace. We can call it hello.c, hello.c should be with cs50.h and cs50.c in the same folde...
Post a Comment
Read more

Uninstall an Odoo module via terminal command line

 Uninstall an Odoo module (via terminal/command line) If you're just trying to uninstall a module (disable it in the database), you can run a script using Odoo’s shell: ./odoo-bin shell -d your_database_name Then, once inside the shell: module = env['ir.module.module'].search([('name', '=', 'your_module_name')]) module.button_immediate_uninstall()
Post a Comment
Read more

How to Open Port 80 & 443 in FirewallD

 How to Open Port 80 & 443 in FirewallD FirewallD is the frontend management solution of iptables for most of the Linux distributions. It provides an easy-to-use command line and GUI-based interface to manage iptable rules. This tutorial describes to you to open port 80 (HTTP) and port 443 (HTTPS) in FirewallD. Allow Port 80 & 443 in FirewallD Using firewalld, you can allow/deny any port temporarily or permanently. The temporary allow/deny rules will be removed after the system reboot. But the permanent rules will persist even after the system restart. The following commands allow incoming traffic on TCP ports 80 and 443 in firewalld. sudo firewall-cmd --zone=public --add-port=80/tcp  sudo firewall-cmd --zone=public --add-port=443/tcp  The --permanent option insures to remain firewall rules after system reboots. sudo firewall-cmd --permanent --zone=public --add-port=80/tcp  sudo firewall-cmd --permanent --zone=public --add-port=443/tcp  Next, apply the c...
Post a Comment
Read more