Authentication with oAuth 2

IGV supports oAuth 2 protocol for authenticated access to protected resources. Authentication for Google Cloud Storage is provided out-of-the-box through an IGV project, however users may configure IGV to use another project for authentication as described below. For Amazon authentication with Cognito see the UMCCR step-by-step documentation for backend and frontend.

IGV uses the Authorization Code Flow with Proof Key for Code Exchange (PKCE). This flow requires a redirect URI to receive an authorization code after user authenticat. This redirect URI is


where port is the IGV listener port, 60151 by default. If the port is disabled IGV will attempt to open it during the authorization code flow. If the port cannot be opened oAuth authorization will fail.

Customization Configuring an OAuth provider


Optional - may be required by some providers

Optional -


Note all keys, secrets, etc are random strings and presented for illustration only.


"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"authorization_endpoint": "",
"token_endpoint": "",
"auth_provider_x509_cert_url": "",
"hosts": ["", "", ""]

Amazon Cognito

"apiKey": "",
"project_id": "igv",
"auth_provider": "Amazon",
"auth_provider_x509_cert_url": "",
"aws_region": "ap-southeast-2",
"scope": "email%20openid%20profile",
"client_id": "3f4ujenfmr77tg12iofbebpkoh",
"client_secret": "en1q6638m4dogrr6erhosetim67sjilc6htjnfmf6ljk2q3j9og",
"authorization_endpoint": "",
"token_endpoint": "",
"aws_cognito_fed_pool_id": "ap-southeast-2:15b7bf93-18ca-40d5-99e9-38b4eb69363e",
"aws_cognito_pool_id": "ap-southeast-2_IYMvlZzmv",
"aws_cognito_role_arn": "arn:aws:iam::YOUR_AWS_ACCOUNT:role/YOUR_Cognito_igvAuth_Role"


  "client_id": "hbq82djj-wxky-7iub-j7zq-7i8nv72n48nq",
  "client_secret": "cVAX64fXRikCLmtLEb/cktrAtaHz/tmB3WegtnbXN2Gq",
  "authorization_endpoint": "",
  "token_endpoint": "",
  "hosts": ["", "", ""],
  "auth_provider": "Mayo Clinic",
  "app_id_uri": "",
  "scope": "openid",
  "find_string": "dept",
  "replace_string": "dept-oauth2"