JWT Auth with AWS Cognito

Issue Summary

We currently have a SaaS app that uses AWS cognito for user authentication. We tried to configure redash (also running on AWS) to authenticate using JWT and passed the JWT token we get from Cognito. Here is the JWT config:

REDASH_JWT_LOGIN_ENABLED: “true”
REDASH_JWT_AUTH_ALGORITHMS: “RS256”
REDASH_JWT_AUTH_PUBLIC_CERTS_URL: “https://cognito-idp.eu-central-1.amazonaws.com/[User Pool ID]/.well-known/jwks.json”
REDASH_JWT_AUTH_AUDIENCE: “[APP ID]”
REDASH_JWT_AUTH_ISSUER: “https://cognito-idp.[region].amazonaws.com/[User Pool ID]”
REDASH_HOST: “…”
REDASH_PASSWORD_LOGIN_ENABLED: “false”

However, its seems that redash is still looking for a password for authentication. authentication.py claim verification logic is able to handle Cognito’s token. but this logic doesn’t get triggered for Cognito.

Technical details:

  • Redash Version: 9.0
  • Browser/OS: Chrome
  • How did you install Redash: Docker Image on ec2