Sign In/Sign Out Redirects

Owned by Jonathan Cohen
Last updated: Aug 31, 2023
2 min read

Only Bound Access (ie Authentication Code Grant) clients must register rediirect callbacks. Machine to Machine (ie Basic Auth) clients do not require registered redirects.

Sample Redirects

Bound access (Authentication Code) clients must implement callbacks for Sign In and Sign Out. These are destination landing pages in the client application where Cognito will redirect the user upon successful Sign In and Sign Out.

Your application must register these urls with USTA once API credentials have been issued by USTA. They are secure and cannot be changed programatically.

Sign In/Callback

Once the user has been successfully authenticated by Cognito, Cognito redirects the user to a gated landing page.

This is stored for each Authentication Code Grant clientid.

logged_in.html

<body> <h1>Congratulations!</h1> <p>You are logged in now!!</p> <a href="https://stage-account.usta.com/logout?client_id=t9pm1781o1i6r34vpk6e8rv9u&logout_uri=http://localhost:8000/logged_out.html">Log out</a> </body>

Sign Out

Once the application ends the users session with Cognito, Cognito redirects the user to an ungated public landing page.

This is stored for each Authentication Code Grant clientid.

logged_out.html

<body> <h2>You are logged out</h2> <a href="https://stage-account.usta.com/login?client_id=t9pm1781o1i6r34vpk6e8rv9u&response_type=code&scope=api-customer/customer:read aws.cognito.signin.user.admin openid profile&redirect_uri=http://localhost:8000/logged_in.html">Log back in</a> </body>

Public Landing Page

This public landing page simulates the entry point to the application. It provides the option to Sign Up or Sign In. It must be ungated and publically accessible since Cognito redirects users who are no longer logged in here.

index.html

<body> <h3>Welcome to my Website</h3> <p><a href="https://stage-account.usta.com/login?client_id=t9pm1781o1i6r34vpk6e8rv9u&response_type=code&scope=api-customer/customer:read aws.cognito.signin.user.admin openid profile&redirect_uri=http://localhost:8000/logged_in.html">Register or Login</a></p> </body>

 

Set Up A Toy App

You can test this out right away with a lightweight http server in Python.

  1. Install Python3

  2. Copy the files above to a working directory.

    1. index.html

    2. logged_in.html

    3. logged_out.html

  3. Navigate to the working directory.

  4. Execute the following command: python3 -m http.server

  5. Open a browser

  6. Navigate to http://localhost:8000