On iOS, app users are confused by a warning about `amazoncognito.com` when choosing `Sign-in w/ Google`.

0

For my Unity app named Mogaland, users are served with the following message when they decide to sign-in w/ Google on iOS:

  • "Mogaland" Wants to Use "amazoncognito.com" to Sign In. This allows the app and website to share information about you. Cancel / Continue.

The URL used to reach the AWS Cognito endpoint is built as documented here: https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html.

Question: is there a way to have the message rephrased from amazoncognito.com to google.com? That would be less confusing for the users who chose to sign-in w/ Google and have a message about a destination they don't know about...

Thanks, Dom

Note that the mechanism is used to sign-in w/ Apple and no popup appears! I don't understand how Apple can produce a popup for the final IDP being Google and not Apple, when it seems the URL is only about AWS Cognito...

2 Answers
0
Accepted Answer

Answering my own question:

  • Apple displays the message with a domain extracted from the URL used to reach Cognito. There's no way to interfere with the process.
  • However, we can add a custom domain to the Cognito user pool so the URL exposes our own domain. With that update, I can have a message like:

"Mogaland" Wants to Use "mogaland.io" to Sign In. This allows the app and website to share information about you. Cancel / Continue.

  • As Apple cuts the URLs to expose a limited part of it, having different domains like auth.cert.mogaland.io and auth.prod.mogaland.io has no impact on the final user experience.

For CDK users, it's just a matter of calling addDomain():

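    import { UserPool } from 'aws-cdk-lib/aws-cognito';
    import { Certificate } from 'aws-cdk-lib/aws-certificatemanager';

    // Create user pool
    const userPool = new UserPool(this, ..., ...);

    // Set a custom domain for the authorization path.
    // Cognito requires the ACM certificate for a custom domain to be in us-east-1.
    const certificate = Certificate.fromCertificateArn(this, 'domainCert', props.acmCertificateARN);
    // One host name per stage, e.g. auth.cert.mogaland.io and auth.prod.mogaland.io
    const domainName = `auth.${props.stageName}.mogaland.io`;
    userPool.addDomain('Custom Domain', {
        customDomain: {
            domainName,
            certificate,
        }
    });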
Dom_D
answered 3 months ago
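
An added example (not part of the original answer, and not AWS or Apple code): a pre-flight check that a build or test suite could run on the authorization URL handed to ASWebAuthenticationSession, confirming it targets the branded custom domain instead of the default `amazoncognito.com` host. The client ID, the callback URI, the sample state value and the "last two labels" approximation of the domain iOS displays are assumptions.

```javascript
// Added example. CLIENT_ID and REDIRECT_URI are placeholders, not real values.
const CLIENT_ID = "EXAMPLE_APP_CLIENT_ID";
const REDIRECT_URI = "mogaland://auth/callback"; // assumed app callback URI

// Build the Cognito authorization-endpoint URL on the stage's custom domain.
function buildAuthorizeUrl(stageName, state) {
  const url = new URL(`https://auth.${stageName}.mogaland.io/oauth2/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    identity_provider: "Google", // go straight to the Google IdP
    scope: "openid email",
    state, // caller supplies a random, per-request value
  }).toString();
  return url.toString();
}

// Assumption: the iOS prompt shows roughly the last two host labels.
// A real implementation would consult the public suffix list.
function promptDomain(authorizeUrl) {
  return new URL(authorizeUrl).hostname.split(".").slice(-2).join(".");
}

// Return a list of problems; an empty list means the URL is acceptable.
function checkAuthorizeUrl(authorizeUrl, brandDomain) {
  let url;
  try {
    url = new URL(authorizeUrl);
  } catch {
    return ["not a valid URL"];
  }
  const problems = [];
  const host = url.hostname;
  if (url.protocol !== "https:") problems.push("scheme is not https");
  // Match the domain on a label boundary so "evilmogaland.io" is rejected.
  if (host !== brandDomain && !host.endsWith("." + brandDomain)) {
    problems.push(`prompt would show "${promptDomain(authorizeUrl)}"`);
  }
  if (url.pathname !== "/oauth2/authorize") problems.push("unexpected path");
  if (url.searchParams.get("identity_provider") !== "Google") {
    problems.push("identity_provider is not Google");
  }
  if (!url.searchParams.get("state")) problems.push("missing state");
  return problems;
}
```
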
0

This consent message is created by iOS, therefore you might get better support in an iOS developer forum. Nevertheless, here are some hints which might help you resolve the issue. The message is potentially created by SFAuthenticationSession, which requests consent by design ("If an application uses SFAuthenticationSession, users are prompted by a dialog to give explicit consent, allowing the application to access the website’s data in Safari."). You might be able to remove the message by switching to ASWebAuthenticationSession instead. This one is the successor of SFAuthenticationSession, which is now deprecated.

AWS
Michael
answered 3 months ago
  • Thanks Michael.

    I already use ASWebAuthenticationSession to trigger the request to AWS Cognito that will redirect users to the Google sign-in page. The message in the popup is based on the URL passed to ASWebAuthenticationSession.

    I'm going to look at setting a custom domain, so people will see mogaland.io in place of amazoncognito.com just before ending up on the Google Sign-In page.
