Using AWS Cognito to authenticate users

In order to use Amazon Cognito you will need the following:
An AWS account
A Google developer account
We will walk through the steps to set everything up below.
Create the Amazon Cognito User Pool
Go to https://console.aws.amazon.com/cognito/home (create an AWS account if you don't have one)
Select "Manage user pools"
Click "Create new pool", provide a name
Click "Review defaults", then "Create pool"
Click "General settings →App clients" on left then "Add new app client".
Enter a name then hit "Create app client"
Click "show details" & make note of the client id and client secret
Go to "Domain name" on left then set a domain prefix of your choice. Make a note of the full domain (including your prefix and the "amazoncognito" suffix). Click "Save changes"
Go to "App integration → App client settings" on left
In "Enabled Identity Providers, click "Select all"
In "Callback URL(s)" add https://vision.callbacks.bravostudio.app/, https://projects-dev.bravostudio.app​
In "Allowed OAuth Flows" enable "Authorization code grant"
In "Allowed OAuth Scopes" enable openid, email, profile
Save changes
​
Add Google as Identity Provider
Your mobile app users can sign in through social identity providers like Facebook, Google, Amazon, and Apple. Let's see how to configure Google:
Create a developer account with Google. Note: Google Play charges a $25 one-time developer fee.
Sign in to Google Cloud Console and create a project: https://console.cloud.google.com/projectcreate​
Go to the Dashboard, click "Select a project" and click on the name of your project
On the left menu, click "OAuth Consent Screen"
Select "External" and click "Create"
Set the App name and the User support email
In "Authorized domains", add amazoncognito.com, page.link and bravostudio.app
In "Developer contact information", set the email address and click "Save and continue"
You should be on the "Scopes" step. Click "ADD OR REMOVE SCOPES"
Check ".../auth/userinfo.email", ".../auth/userinfo.profile" and "openid", click "Update"
In "Test Users", click "ADD USERS"
Now you may add your Google email to test the login afterward
Click "Save and continue"
On the left menu, click "Credentials"
Click "Create credentials" and select "OAuth Client ID"
In "Application type" select "Web Application", set a name
In "Authorized JavaScript origins" add the full domain you created earlier in the Amazon Cognito step (with "https://")
In "Authorized redirect URIs" add the same domain, plus "/oauth2/idpresponse" as a suffix
Add also https://bravostudioapp.page.link and https://projects.bravostudio.app​
Click "Create"
Note the Client ID and the Client Secret
​
Go to the Amazon Cognito Console​
Click "Manage User Pools" and select the one you created before
On the left menu go to "Federation → Identity providers"
Select Google
In Google App Id, set the Client ID from the Google API & Services credentials
In App Secret, set the Client Secret from the Google API & Services credentials
In "Authorize scope" set "profile email openid"
Click "Enable Google"
Go to "App integration → App client settings"
In "Enabled Identity Providers" check "Google" and Save Changes
Configure OAuth in Bravo Studio
Go to https://projects.bravostudio.app/​
Open up your project, go to the "Integrations" tab and enable "OAuth 2.0"
Select Cognito from the provider list
Set the full domain, the Client ID, and the Client Secret from the Cognito User Pool settings
Save
Using social logins to authenticate users
Connecting to Spotify API
Last modified 10mo ago