Using AWS Cognito to authenticate users

In order to use Amazon Cognito you will need the following:

  • An AWS account

  • A Google developer account

We will walk through the steps to set everything up below.

Create the Amazon Cognito User Pool

  1. Select "Manage user pools"

  2. Click "Create new pool", provide a name

  3. Click "Review defaults", then "Create pool"

  4. Click "General settings → App clients" on left then "Add new app client".

  5. Enter a name then hit "Create app client"

  6. Click "show details" & make note of the client id and client secret

  7. Go to "Domain name" on left then set a domain prefix of your choice. Make a note of the full domain (including your prefix and the "amazoncognito" suffix). Click "Save changes"

  8. Go to "App integration → App client settings" on left

  9. In "Enabled Identity Providers", click "Select all"

  10. In "Allowed OAuth Flows" enable "Authorization code grant"

  11. In "Allowed OAuth Scopes" enable openid, email, profile

  12. Save changes

Add Google as Identity Provider

Your mobile app users can sign in through social identity providers like Facebook, Google, Amazon, and Apple. Let's see how to configure Google:

  1. Create a developer account with Google. Note: Google Play charges a $25 one-time developer fee.

  2. Sign in to Google Cloud Console and create a project.

  3. Go to the Dashboard, click "Select a project" and click on the name of your project

  4. On the left menu, click "OAuth Consent Screen"

  5. Select "External" and click "Create"

  6. Set the App name and the User support email

  7. In "Authorized domains", add, and

  8. In "Developer contact information", set the email address and click "Save and continue"

  9. You should be on the "Scopes" step. Click "ADD OR REMOVE SCOPES"

  10. Check ".../auth/", ".../auth/userinfo.profile" and "openid", click "Update"

  11. In "Test Users", click "ADD USERS"

  12. Now you may add your Google email to test the login afterward

  13. Click "Save and continue"

  14. On the left menu, click "Credentials"

  15. Click "Create credentials" and select "OAuth Client ID"

  16. In "Application type" select "Web Application", set a name

  17. In "Authorized JavaScript origins" add the full domain you created earlier in the Amazon Cognito step (with "https://")

  18. In "Authorized redirect URIs" add the same domain, plus "/oauth2/idpresponse" as a suffix

  19. Click "Create"

  20. Note the Client ID and the Client Secret

  1. Click "Manage User Pools" and select the one you created before

  2. On the left menu go to "Federation → Identity providers"

  3. Select Google

  1. In Google App Id, set the Client ID from the Google API & Services credentials

  2. In App Secret, set the Client Secret from the Google API & Services credentials

  3. In "Authorize scope" set "profile email openid"

  4. Click "Enable Google"

  5. Go to "App integration → App client settings"

  6. In "Enabled Identity Providers" check "Google" and Save Changes

Configure OAuth in Bravo Studio

  1. Open up your project, go to the "Integrations" tab and enable "OAuth 2.0"

  2. Select Cognito from the provider list

  3. Set the full domain, the Client ID, and the Client Secret from the Cognito User Pool settings

  4. Save
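
How the values noted in the steps above fit together in the authorization code grant, as an added example (not code from Bravo Studio or AWS). The domain, client ID, client secret and callback URL below are constructed placeholders, and the helper function names are hypothetical; the `state` value is an addition that the application should compare on the callback to reject forged responses.

```python
import base64
import secrets
from urllib.parse import urlencode

# Constructed sample values; substitute the ones noted in the steps above.
COGNITO_DOMAIN = "example-prefix.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET"
REDIRECT_URI = "https://app.example.com/callback"  # hypothetical app callback


def google_console_values(domain):
    """Origin and redirect URI to enter in the Google OAuth client."""
    if "/" in domain or not domain.endswith(".amazoncognito.com"):
        raise ValueError("pass the full Cognito domain without scheme or path")
    origin = f"https://{domain}"
    return {"javascript_origin": origin,
            "redirect_uri": f"{origin}/oauth2/idpresponse"}


def authorize_url(domain, client_id, redirect_uri, state=None):
    """Authorization code grant request routed directly to Google."""
    state = state or secrets.token_urlsafe(32)  # compare on the callback (CSRF)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",
        "identity_provider": "Google",
        "state": state,
    })
    return f"https://{domain}/oauth2/authorize?{query}", state


def token_request(domain, client_id, client_secret, code, redirect_uri):
    """Code-for-token exchange; the client secret travels in HTTP Basic auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "url": f"https://{domain}/oauth2/token",
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "authorization_code", "code": code,
                           "client_id": client_id, "redirect_uri": redirect_uri}),
    }


if __name__ == "__main__":
    print(google_console_values(COGNITO_DOMAIN))
    print(authorize_url(COGNITO_DOMAIN, CLIENT_ID, REDIRECT_URI)[0])
```

The client secret appears only in the token request, which runs server-side; it never belongs in the authorize URL or in anything shipped to the device.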
