Use ServiceNow for authentication for AWS apps

zabbas
Tera Contributor

I want to log in to my AWS Cognito apps. But on accessing the AWS apps, the user should be redirected to the ServiceNow login page, and upon authentication, it should redirect to the app with the token and claims.

I have tried the following:
1. Create an OAuth client in ServiceNow with a Cognito redirect URL.

2. Create a Cognito user pool

3. Configure the ServiceNow Identity Provider (IdP) in Cognito with the following details:
Provider Type: OIDC
ClientId, ClientSecret (obtained from ServiceNow OAuth Client)
Authorized Scopes: openid useraccount

Attribute request method: POST
Authorization endpoint: https://<my_instance_id>.service-now.com/oauth_auth.do

Token endpoint: https://<my_instance_id>.service-now.com/oauth_token.do

I couldn't find the Issuer_URL and UserInfo endpoint.

4. Add the following claim mappings:
username -> sub
email -> email
name -> name

5. Configure the Cognito App Client to use the ServiceNow IdP

After doing all this, when I try to access the Cognito App Client Hosted UI, it goes to ServiceNow and calls the redirect URL with the error response `username+attribute+mapping+required`. In the response header it returns the code and state.

How can I get the user claims and token from it? Are the above steps correct for what I am trying to achieve?
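One way to check which of the mapped claims (username -> sub, email -> email, name -> name) the IdP actually returns in its ID token, as an added example that is not part of the original post; the sample token is constructed and the exact claim set ServiceNow issues is an assumption:

```python
import base64
import json

# Claim mapping from the post: Cognito attribute -> OIDC claim name.
# Cognito needs the "username" attribute mapped to a claim that is
# actually present in the IdP's ID token / userinfo response.
ATTRIBUTE_MAPPING = {"username": "sub", "email": "email", "name": "name"}


def decode_jwt_payload(token: str) -> dict:
    """Return the (unverified) payload of a compact JWS/JWT.

    Only for inspecting which claims the IdP sends; signature verification
    against the IdP's JWKS is done by Cognito, not by this helper.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated parts)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_mapped_claims(claims: dict, mapping: dict = ATTRIBUTE_MAPPING) -> dict:
    """Return {cognito_attribute: expected_claim} for each mapped claim
    that is absent or empty in the token. A non-empty result for
    "username" is what surfaces as "username attribute mapping required"."""
    return {attr: claim for attr, claim in mapping.items()
            if claims.get(claim) in (None, "")}


def _make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned test token (alg none) for the demo only."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


# Constructed sample: a token carrying email and name but no "sub" claim,
# i.e. the situation that breaks the username mapping above.
SAMPLE_TOKEN = _make_unsigned_token({
    "iss": "https://<my_instance_id>.service-now.com",  # placeholder issuer
    "email": "jane@example.com",
    "name": "Jane Doe",
})

if __name__ == "__main__":
    print("missing:", missing_mapped_claims(decode_jwt_payload(SAMPLE_TOKEN)))
```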
