Using AWS Cognito to authenticate users
Last updated
Was this helpful?
Last updated
Was this helpful?
In order to use Amazon Cognito you will need the following:
An AWS account
A Google developer account
We will walk through the steps to set everything up below.
Select "Manage user pools"
Click "Create new pool", provide a name
Click "Review defaults", then "Create pool"
Click "General settings →App clients" on left then "Add new app client".
Enter a name then hit "Create app client"
Click "show details" & make note of the client id and client secret
Go to "Domain name" on left then set a domain prefix of your choice. Make a note of the full domain (including your prefix and the "amazoncognito" suffix). Click "Save changes"
Go to "App integration → App client settings" on left
In "Enabled Identity Providers, click "Select all"
In "Allowed OAuth Flows" enable "Authorization code grant"
In "Allowed OAuth Scopes" enable openid, email, profile
Save changes
Your mobile app users can sign in through social identity providers like Facebook, Google, Amazon, and Apple. Let's see how to configure Google:
On the left menu, click "OAuth Consent Screen"
Select "External" and click "Create"
Set the App name and the User support email
In "Developer contact information", set the email address and click "Save and continue"
You should be on the "Scopes" step. Click "ADD OR REMOVE SCOPES"
Check ".../auth/userinfo.email", ".../auth/userinfo.profile" and "openid", click "Update"
In "Test Users", click "ADD USERS"
Now you may add your Google email to test the login afterward
Click "Save and continue"
On the left menu, click "Credentials"
Click "Create credentials" and select "OAuth Client ID"
In "Application type" select "Web Application", set a name
In "Authorized JavaScript origins" add the full domain you created earlier in the Amazon Cognito step (with "https://")
In "Authorized redirect URIs" add the same domain, plus "/oauth2/idpresponse" as a suffix
Click "Create"
Note the Client ID and the Client Secret
Click "Manage User Pools" and select the one you created before
On the left menu go to "Federation → Identity providers"
Select Google
In Google App Id, set the Client ID from the Google API & Services credentials
In App Secret, set the Client Secret from the Google API & Services credentials
In "Authorize scope" set "profile email openid"
Click "Enable Google"
Go to "App integration → App client settings"
In "Enabled Identity Providers" check "Google" and Save Changes
Open up your project, go to the "Integrations" tab and enable "OAuth 2.0"
Select Cognito from the provider list
Set the full domain, the Client ID, and the Client Secret from the Cognito User Pool settings
Save
Go to ( if you don't have one)
In "Callback URL(s)" add ,
Create a . Note: Google Play charges a $25 one-time developer fee.
Sign in to Google Cloud Console and create a project:
Go to the , click "Select a project" and click on the name of your project
In "Authorized domains", add , and bravostudio.app
Add also and
Go to the
Go to
