# Using AWS Cognito to authenticate users

In order to use Amazon Cognito you will need the following:

* An AWS account
* A Google developer account

We will walk through the steps to set everything up below.

## Create the Amazon Cognito User Pool

![](/files/-MlBowD3kgZKkGCRBGX4)

1. Go to <https://console.aws.amazon.com/cognito/home> ([create an AWS account](https://portal.aws.amazon.com/billing/signup) if you don't have one)
2. Select "Manage user pools"
3. Click "Create new pool", provide a name
4. Click "Review defaults", then "Create pool"
5. Click "General settings →App clients" on left then "Add new app client".
6. Enter a name then hit "Create app client"
7. Click "show details" & make note of the client id and client secret
8. Go to "Domain name" on left then set a domain prefix of your choice. Make a note of the full domain (including your prefix and the "amazoncognito" suffix). Click "Save changes"
9. Go to "App integration → App client settings" on left
10. In "Enabled Identity Providers, click "Select all"
11. In "Callback URL(s)" add <https://vision.callbacks.bravostudio.app/>, [https://projects-dev.bravostudio.app](https://projects-dev.bravostudio.app/)
12. In "Allowed OAuth Flows" enable "Authorization code grant"
13. In "Allowed OAuth Scopes" enable openid, email, profile
14. Save changes

## **Add Google as Identity Provider**

Your mobile app users can sign in through social identity providers like Facebook, Google, Amazon, and Apple. Let's see how to configure Google:

1. Create a [developer account with Google](https://developers.google.com/identity). Note: Google Play charges a $25 one-time developer fee.
2. Sign in to Google Cloud Console and create a project: <https://console.cloud.google.com/projectcreate>
3. Go to the [Dashboard](https://console.cloud.google.com/home/dashboard), click "Select a project" and click on the name of your project
4. On the left menu, click "OAuth Consent Screen"
5. Select "External" and click "Create"
6. Set the App name and the User support email
7. In "Authorized domains", add [amazoncognito.com](http://amazoncognito.com/), [page.link](http://page.link) and bravostudio.app
8. In "Developer contact information", set the email address and click "Save and continue"
9. You should be on the "Scopes" step. Click "ADD OR REMOVE SCOPES"
10. Check ".../auth/userinfo.email", ".../auth/userinfo.profile" and "openid", click "Update"
11. In "Test Users", click "ADD USERS"
12. Now you may add your Google email to test the login afterward
13. Click "Save and continue"
14. On the left menu, click "Credentials"
15. Click "Create credentials" and select "OAuth Client ID"
16. In "Application type" select "Web Application", set a name
17. In "Authorized JavaScript origins" add the full domain you created earlier in the Amazon Cognito step (with "https\://")
18. In "Authorized redirect URIs" add the same domain, plus "/oauth2/idpresponse" as a suffix
19. Add also [https://bravostudioapp.page.link](https://bravostudioapp.page.link/) and [https://projects.bravostudio.app](https://projects-dev.bravostudio.app/)
20. Click "Create"
21. Note the Client ID and the Client Secret

![](/files/-MlBpCGprC2XccY3StfG)

1. Go to the [Amazon Cognito Console](https://console.aws.amazon.com/cognito/home)
2. Click "Manage User Pools" and select the one you created before
3. On the left menu go to "Federation → Identity providers"
4. Select Google

![](/files/-MlBpLthTEDwPpPag_Cs)

1. In Google App Id, set the Client ID from the Google API & Services credentials
2. In App Secret, set the Client Secret from the Google API & Services credentials
3. In "Authorize scope" set "profile email openid"
4. Click "Enable Google"
5. Go to "App integration → App client settings"
6. In "Enabled Identity Providers" check "Google" and Save Changes

## Configure OAuth in Bravo Studio

1. Go to <https://projects.bravostudio.app/>
2. Open up your project, go to the "`Integrations`" tab and enable "OAuth 2.0"
3. Select Cognito from the provider list
4. Set the full domain, the Client ID, and the Client Secret from the Cognito User Pool settings
5. Save


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bravostudio.app/integrations/user-authentication/oauth2/example-using-aws-cognito-to-authenticate-users.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.