
Cognito as IdP provider for Delta Share

pogo
New Contributor III

I am trying to set up a Delta Sharing Recipient using OIDC Federation with the Issuer URL being the Cognito IdP endpoint.

Are there any examples, other than EntraID, for the values of Subject Claim/Subject/Audiences in the OIDC Policy for Cognito or Google?


1 ACCEPTED SOLUTION

pogo
New Contributor III

We managed to figure out how to make machine-to-machine authentication work.

1. When you set up the Cognito pool for the m2m scenario you add an App Client, and then set the App Client as both `sub` and Audience in the Databricks recipient OIDC Policy:

[screenshot: pogo_0-1754351423709.png]

2. Set the `aud` claim to the app client_id in the Cognito-generated access token using a `pre token generation` lambda (Cognito pool -> Extensions -> Lambda Triggers -> Authentication -> Pre token generation -> select v3 event type):

```python
def lambda_handler(event, context):
    # Only the client-credentials (machine-to-machine) flow gets the override;
    # every other trigger source is returned to Cognito unchanged.
    if event['triggerSource'] == "TokenGeneration_ClientCredentials":
        # Override the 'aud' claim with the App Client id (V3 event shape)
        print("overriding aud claim")
        event['response'] = {
            "claimsAndScopeOverrideDetails": {
                "accessTokenGeneration": {
                    "claimsToAddOrOverride": {
                        "aud": "54m...."  # App Client id, elided in the post
                    }
                }
            }
        }

    # Return to Amazon Cognito
    return event
```

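The following is an added example, not code from the post above or from Databricks or AWS. It simulates both halves of the answer end to end: the pre-token-generation override (parameterised on the client id, since the post elides the real one) and a recipient-side check of the kind a Delta Sharing OIDC policy performs (issuer, subject claim, audience, expiry). The policy field names, the way Cognito merges `claimsToAddOrOverride` into the access token, and the assumption that the access token carries `client_id` but no `aud` claim until the trigger adds one are all assumptions made for this simulation; the client id and issuer values are constructed.

```python
import time

# Constructed values; in practice these come from your Cognito user pool.
APP_CLIENT_ID = "example-app-client-id"
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"

# Recipient OIDC policy as the answer describes it: the App Client id is used as
# both the subject and the audience. Field names are assumptions for this simulation.
POLICY = {
    "issuer": ISSUER,
    "subject_claim": "sub",
    "subject": APP_CLIENT_ID,
    "audiences": [APP_CLIENT_ID],
}


def pre_token_generation(event, client_id=APP_CLIENT_ID):
    """Same behaviour as the handler in the answer, with the client id as a
    parameter. Only the client-credentials (m2m) flow is modified."""
    if event.get("triggerSource") == "TokenGeneration_ClientCredentials":
        event["response"] = {
            "claimsAndScopeOverrideDetails": {
                "accessTokenGeneration": {
                    "claimsToAddOrOverride": {"aud": client_id}
                }
            }
        }
    return event


def issue_access_token(event, now=None):
    """Assumed Cognito behaviour (constructed for this example): build the base
    access-token claims, then apply any claimsToAddOrOverride the trigger returned.
    Note the base claims carry client_id but no aud."""
    now = int(now if now is not None else time.time())
    claims = {
        "iss": ISSUER,
        "sub": APP_CLIENT_ID,
        "client_id": APP_CLIENT_ID,
        "token_use": "access",
        "iat": now,
        "exp": now + 3600,
    }
    override = (
        event.get("response", {})
        .get("claimsAndScopeOverrideDetails", {})
        .get("accessTokenGeneration", {})
        .get("claimsToAddOrOverride", {})
    )
    claims.update(override)
    return claims


def check_oidc_policy(claims, policy, now=None):
    """Recipient-side policy evaluation (assumed shape). Returns a list of
    reasons for rejection; an empty list means the token is accepted."""
    now = int(now if now is not None else time.time())
    failures = []
    if claims.get("iss") != policy["issuer"]:
        failures.append("issuer mismatch")
    if claims.get(policy["subject_claim"]) != policy["subject"]:
        failures.append("subject mismatch")
    aud = claims.get("aud")
    if aud is None:
        failures.append("aud claim missing")
    else:
        # aud may be a single string or a list per the OIDC spec
        auds = aud if isinstance(aud, list) else [aud]
        if not set(auds) & set(policy["audiences"]):
            failures.append("audience mismatch")
    if claims.get("exp", 0) <= now:
        failures.append("token expired")
    return failures


def m2m_event():
    """Constructed V3 pre-token-generation event for the client-credentials flow."""
    return {
        "triggerSource": "TokenGeneration_ClientCredentials",
        "request": {"scopes": ["delta-share/read"]},
        "response": {},
    }


if __name__ == "__main__":
    # Without the trigger the token is rejected for lacking aud; with it, accepted.
    print(check_oidc_policy(issue_access_token(m2m_event()), POLICY))
    print(check_oidc_policy(issue_access_token(pre_token_generation(m2m_event())), POLICY))
```

Running it shows why the lambda is needed: the token minted without the trigger fails only on the missing `aud` claim, and the same token with the override passes every check. The handler also leaves events from other trigger sources untouched, so interactive user tokens are not rewritten by a rule meant for the m2m client.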

