AWS Cognito


Achieve a truly frictionless login experience with Youverse Single Sign-On (SSO). To log in with Youverse, you need a username and a selfie, and that's it! No more passwords to worry about.

This guide details the steps required to set up Youverse as an external identity provider in your AWS Cognito user pool.

With this integration, you can easily add a passwordless login option to all your AWS Cognito-enabled apps using Youverse SSO.

Prerequisites

  1. An AWS account with a user pool created in AWS Cognito.
  2. Find your AWS Cognito domain name:
    1. Log in to AWS Cognito and go to your User Pool dashboard.
    2. Click on App integration > Domain name.
  3. Send an e-mail to support@youverse.id requesting an SSO service account, and provide your app name and AWS Cognito domain name. You will receive a unique identifier for the registered app and a secret (Client ID and Client Secret). Make a note of these values; you will need them later.

Add the Youverse SSO Integration

To integrate Youverse SSO with AWS Cognito, go to your User Pool dashboard and follow the steps below.

  1. Click on Federation > Identity Providers.
  2. Click on OpenID Connect.
  3. Fill out the fields to add a new connection:
    • Provider Name - Set to “Youverse”.
    • Client ID - Client ID received from Youverse.
    • Client Secret - Client Secret received from Youverse.
    • Attributes request method - Keep the default value "GET".
    • Authorize scope - Enter “openid profile email”.
    • Issuer - Enter "https://accounts.youverse.id".
  4. Click on Run discovery to make sure Youverse servers can be reached successfully.
  5. Click on Create provider.
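
The settings above can be checked before the provider is created. The following is an added example, not code from Youverse or AWS: it validates an OIDC discovery document against the Issuer and scopes from this guide and builds the matching provider settings map. The function names are hypothetical and the sample discovery documents are constructed, with placeholder endpoint paths.

```python
from urllib.parse import urlparse

ISSUER = "https://accounts.youverse.id"  # Issuer value from the guide
SCOPES = "openid profile email"          # Authorize scope from the guide
# Endpoints Cognito uses for an OIDC provider (authorize, token, attributes, JWKS).
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")


def check_discovery(doc, issuer=ISSUER, scopes=SCOPES):
    """Return a list of problems in a discovery document (empty means OK)."""
    problems = []
    # OIDC Discovery: the document's issuer must equal the configured one exactly.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    for key in ENDPOINT_KEYS:
        url = urlparse(doc.get(key) or "")
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{key} missing or not https")
    # scopes_supported is optional in the spec; check it only when present.
    if "scopes_supported" in doc:
        missing = set(scopes.split()) - set(doc["scopes_supported"])
        if missing:
            problems.append(f"scopes not advertised: {sorted(missing)}")
    return problems


def provider_details(client_id, client_secret):
    """ProviderDetails map for Cognito CreateIdentityProvider, type OIDC."""
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "attributes_request_method": "GET",
        "authorize_scopes": SCOPES,
        "oidc_issuer": ISSUER,
    }


# Constructed sample documents. The endpoint paths are placeholders,
# not Youverse's published endpoints.
GOOD_DOC = {"issuer": ISSUER, "scopes_supported": ["openid", "profile", "email"]}
GOOD_DOC.update({k: f"{ISSUER}/placeholder/{k}" for k in ENDPOINT_KEYS})
BAD_DOC = dict(GOOD_DOC, issuer=ISSUER + "/",
               token_endpoint="http://accounts.youverse.id/placeholder/token")

if __name__ == "__main__":
    print(check_discovery(GOOD_DOC))
    print(check_discovery(BAD_DOC))
```

The map returned by provider_details uses the keys Cognito accepts for an OIDC provider, so it can be passed as ProviderDetails when creating the provider through the API instead of the console.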

Enable the Youverse SSO Connection

To use the Youverse SSO connection, you must first enable it for your AWS Cognito apps:

  1. In your User Pool dashboard, click on App integration > App client settings.
  2. Check the Youverse box in the Enabled Identity Providers section.

Enroll users

Users can enroll with Youverse by signing up here using the same e-mail address as in their AWS Cognito login. This way, we can link the Youverse and AWS Cognito accounts through the user's e-mail address.

After the e-mail is confirmed, it will be available through the OIDC email claim.

Troubleshooting

If you find any issues or need help with the setup, please contact us or join us at our Discord community.