We are trying to enable the OIDC (AWS cognito) authentication for dockerized Datahub We followed the instructions given in the below link https://datahubproject.io/docs/how/configure-oidc-react/ We have configured following properties from datahub/docker/datahub-frontend/env/docker.env Required OIDC configs AUTH_OIDC_ENABLED=true AUTH_OIDC_CLIENT_ID=XXXXXXXX AUTH_OIDC_CLIENT_SECRET= #AUTH_OIDC_DISCOVERY_URI=https://xxxxxxxxxxxxxxxxxxxxxxxx/.well-known/openid-configuration AUTH_OIDC_DISCOVERY_URI=https://xxxxxxxxxxxx.xxxxxxxxxxxxxxxx/openid-configuration AUTH_OIDC_BASE_URL=https://XXXXXXXXX.com Optional OIDC configs AUTH_OIDC_USER_NAME_CLAIM=email AUTH_OIDC_USER_NAME_CLAIM_REGEX=([^@]+) AUTH_OIDC_SCOPE=openid Uncomment to disable JAAS username / password authentication (enabled by defau lt) AUTH_JAAS_ENABLED=false But for some reasons redirection is not happening, instead it is taking us to default datahub login page when we hit the base url. Please let us know, if we are missing something Thanks in advance.

Will ping you directly!

@big-carpet-38439 @fresh-fish-73471 Did you guys manage to get Cognito working? I’ve got login partially working, but logOut is broken

@most-pillow-90882 What is happening on log out?

Right now, nothing. Just goes back to home page with logged in user. Have tried disabling cacheing, etc.

Can you try this in incognito browser? This is very strange. Both login and logout should work... If you can send the contents of the open-id configuration URL it may help us triage

Same issue in Incognito mode (tested both Chrome and Firefox). openId config url https://cognito-idp.us-east-1.amazonaws.com/us-east-1_pjck0hccL/.well-known/openid-configuration. Contents: authorization_endpoint “https://sae-blk-test.auth.us-east-1.amazoncognito.com/oauth2/authorize” id_token_signing_alg_values_supported 0 “RS256" issuer “https://cognito-idp.us-east-1.amazonaws.com/us-east-1_pjck0hccL” jwks_uri “https://cognito-idp.us-east-1.amazonaws.com/us-east-1_pjck0hccL/.well-known/jwks.json” response_types_supported 0 “code” 1 “token” scopes_supported 0 “openid” 1 “email” 2 “phone” 3 “profile” subject_types_supported 0 “public” token_endpoint “https://sae-blk-test.auth.us-east-1.amazoncognito.com/oauth2/token” token_endpoint_auth_methods_supported 0 “client_secret_basic” 1 “client_secret_post” userinfo_endpoint “https://sae-blk-test.auth.us-east-1.amazoncognito.com/oauth2/userInfo”

Thank you - will take a look today. Also, which version of DataHub are you using?

Looks like 0..8.29 actually

Yeah so there's a known issue in 0.8.29 unforuntately with OIDC - can you try to use 0.8.30?

FWIW, this is the link that appears to work for the OIDC / React guide https://datahubproject.io/docs/authentication/guides/sso/configure-oidc-react/#configuring-oidc-in-react