Using AWS Cognito to authenticate users
In order to use Amazon Cognito you will need the following:
- An AWS account
- A Google developer account
We will walk through the steps to set everything up below.

- 1.
- 2. Select "Manage user pools"
- 3. Click "Create new pool" and provide a name
- 4. Click "Review defaults", then "Create pool"
- 5. Click "General settings → App clients" on the left, then "Add new app client"
- 6. Enter a name, then click "Create app client"
- 7. Click "Show details" and make a note of the client ID and client secret
- 8. Go to "Domain name" on the left, then set a domain prefix of your choice. Make a note of the full domain (including your prefix and the "amazoncognito" suffix). Click "Save changes"
- 9. Go to "App integration → App client settings" on the left
- 10. In "Enabled Identity Providers", click "Select all"
- 11. In "Callback URL(s)" add https://vision.callbacks.bravostudio.app/, https://projects-dev.bravostudio.app
- 12. In "Allowed OAuth Flows" enable "Authorization code grant"
- 13. In "Allowed OAuth Scopes" enable openid, email, profile
- 14. Save changes
Your mobile app users can sign in through social identity providers like Facebook, Google, Amazon, and Apple. Let's see how to configure Google:
- 1.
- 2. Sign in to Google Cloud Console and create a project: https://console.cloud.google.com/projectcreate
- 3.
- 4. On the left menu, click "OAuth Consent Screen"
- 5. Select "External" and click "Create"
- 6. Set the App name and the User support email
- 7.
- 8. In "Developer contact information", set the email address and click "Save and continue"
- 9. You should be on the "Scopes" step. Click "ADD OR REMOVE SCOPES"
- 10. Check ".../auth/userinfo.email", ".../auth/userinfo.profile" and "openid", then click "Update"
- 11. In "Test Users", click "ADD USERS"
- 12. Add your Google email here so you can test the login afterward
- 13. Click "Save and continue"
- 14. On the left menu, click "Credentials"
- 15. Click "Create credentials" and select "OAuth Client ID"
- 16. In "Application type" select "Web Application" and set a name
- 17. In "Authorized JavaScript origins" add the full domain you created earlier in the Amazon Cognito step (with "https://")
- 18. In "Authorized redirect URIs" add the same domain, plus "/oauth2/idpresponse" as a suffix
- 19.
- 20. Click "Create"
- 21. Note the Client ID and the Client Secret

- 1.
- 2. Click "Manage User Pools" and select the one you created before
- 3. On the left menu go to "Federation → Identity providers"
- 4. Select Google

- 1. In Google App Id, set the Client ID from the Google API & Services credentials
- 2. In App Secret, set the Client Secret from the Google API & Services credentials
- 3. In "Authorize scope" set "profile email openid"
- 4. Click "Enable Google"
- 5. Go to "App integration → App client settings"
- 6. In "Enabled Identity Providers" check "Google" and save changes
- 1.
- 2. Open up your project, go to the "Integrations" tab and enable "OAuth 2.0"
- 3. Select Cognito from the provider list
- 4. Set the full domain, the Client ID, and the Client Secret from the Cognito User Pool settings
- 5. Save
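
The values entered in the steps above have to agree with each other: the Google redirect URI is derived from the Cognito domain, and the sign-in request must use a registered callback URL and the enabled flow and scopes. The following added example (not code from this page, Bravo Studio or AWS) derives and checks them; the domain prefix, region and client ID are constructed placeholders, the function names are hypothetical, and `/oauth2/authorize` with `identity_provider` is the Cognito hosted authorization endpoint.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed sample values; substitute the ones noted during setup.
COGNITO_DOMAIN = "https://example-prefix.auth.eu-west-1.amazoncognito.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CALLBACK_URLS = [  # as entered under "Callback URL(s)"
    "https://vision.callbacks.bravostudio.app/",
    "https://projects-dev.bravostudio.app",
]
SCOPES = ["openid", "email", "profile"]  # "Allowed OAuth Scopes"


def normalize_domain(domain):
    """Return https://host for the full domain; reject plain HTTP or a stray path."""
    parts = urlsplit(domain)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("domain must start with https://")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("domain must not carry a path, query or fragment")
    return f"https://{parts.netloc}"


def google_client_settings(domain):
    """Values for the Google "Web Application" OAuth client form."""
    origin = normalize_domain(domain)
    return {
        "authorized_javascript_origin": origin,
        "authorized_redirect_uri": origin + "/oauth2/idpresponse",
    }


def build_authorize_url(domain, client_id, redirect_uri, state=None):
    """Build the authorization code request that starts a Google sign-in."""
    # Exact string match against the registered list, trailing slash included.
    if redirect_uri not in CALLBACK_URLS:
        raise ValueError("redirect_uri is not a registered callback URL")
    # Unguessable state; the caller stores it and compares it on the callback.
    state = state or secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",  # "Authorization code grant"
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(SCOPES),
        "state": state,
        "identity_provider": "Google",
    })
    return f"{normalize_domain(domain)}/oauth2/authorize?{query}", state
```

A callback URL that differs from the registered one only by its trailing slash is rejected here, which is the most common cause of a redirect mismatch error after following these steps.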