Veratrace uses AWS Cognito for authentication via OpenID Connect (OIDC).
How It Works
Authentication configuration is fetched from the instance configuration. Each instance has:
- userPoolId: AWS Cognito User Pool ID (format: region_xxxxxxxx)
- clientId: Cognito OIDC client ID
- region: AWS region (extracted from userPoolId)
Source: Feature Inventory - Core Objects (Instance)
Authentication Flow
- Application fetches instance configuration
- Creates Cognito OIDC configuration from instance config
- Redirects user to Cognito hosted UI for login
- User authenticates and is redirected back with authorization code
- Application exchanges code for tokens
- User info is extracted from the Cognito user profile (cognito:username)
Source: Feature Inventory - User Roles and Permissions (Authentication)
After authentication, user information is available from the Cognito user profile:
- Username: cognito:username
- Email and other profile attributes
Source: /Users/vincentgraham/clearline-ui/src/shared/components/Header/Header.jsx
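One way to implement the configuration and user-info steps described above, as an added example that is not Veratrace's own code: the user pool ID is validated before the region is derived from it, so a malformed instance value cannot change which issuer the application trusts. The function names, the `redirectUri` parameter, the regular expressions, the returned field names, and the sample values are assumptions.

```javascript
// Added example. Function names and the redirectUri parameter are hypothetical.
// Assumed pattern for a pool ID: <aws-region>_<alphanumeric suffix>.
const POOL_ID_RE = /^([a-z]{2}(?:-[a-z]+)+-\d+)_([0-9A-Za-z]+)$/;
const CLIENT_ID_RE = /^[\w+]{1,128}$/;

function buildCognitoOidcConfig(instance, redirectUri) {
  const { userPoolId, clientId, region } = instance ?? {};
  const match = typeof userPoolId === "string" ? POOL_ID_RE.exec(userPoolId) : null;
  if (!match) throw new Error("userPoolId is not of the form region_xxxxxxxx");
  if (typeof clientId !== "string" || !CLIENT_ID_RE.test(clientId)) {
    throw new Error("clientId has unexpected characters");
  }
  const derivedRegion = match[1];
  // If the instance also carries a region, it must agree with the pool ID.
  if (region !== undefined && region !== derivedRegion) {
    throw new Error("region does not match userPoolId");
  }
  // Issuer URL of a Cognito user pool; the discovery document lives beneath it.
  const authority = `https://cognito-idp.${derivedRegion}.amazonaws.com/${userPoolId}`;
  return {
    authority,
    metadataUrl: `${authority}/.well-known/openid-configuration`,
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "code", // authorization code flow, as in the steps above
    scope: "openid email",
  };
}

// Read the username from the claims of an ID token whose signature is already verified.
function usernameFromProfile(profile, config) {
  if (!profile || profile.iss !== config.authority || profile.aud !== config.client_id) {
    throw new Error("token issuer or audience does not match this instance");
  }
  const username = profile["cognito:username"];
  if (typeof username !== "string" || username === "") {
    throw new Error("cognito:username claim missing");
  }
  return username;
}

// Constructed sample values, not a real pool or client.
const sampleConfig = buildCognitoOidcConfig(
  { userPoolId: "us-east-1_EXAMPLE01", clientId: "exampleclientid0123456789" },
  "https://app.example.test/callback"
);
console.log(sampleConfig.authority);
```
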
Sign Out
Sign out redirects the user to the Cognito logout endpoint and clears local and session storage.
Source: /Users/vincentgraham/clearline-ui/src/app/auth/auth.js