Hello,
I understand you're experiencing challenges in integrating Cognito for social sign-ins in your app. You are creating a user pool for authentication to your Unity-based app.
Cognito user pools support adding social providers such as Google, Facebook, Amazon and Apple. In addition to that, you can also enable a UI managed by Cognito to use the login/logout/register web pages provided by Cognito, which is referred to as the Amazon Cognito Hosted UI. This also requires you to set up a user pool domain.
To enable the Hosted UI for your user pool and enable a user pool domain, you can follow the steps listed in document [1] via the console.
You can also integrate social providers with the user pool for authentication, and then enable them for your app client, which will make a login button for the specific social identity provider visible on the Hosted UI.
For enabling social identity providers, you can follow the document listed at [2], which includes the following steps:
- Prerequisites
- Step 1: Register with a social IdP
- Step 2: Add a social IdP to your user pool
- Step 3: Test your social IdP configuration
The given documents [2][3] include steps to enable Facebook, Amazon, Google and Apple as social providers.
I am also sharing a couple of third-party documents and YouTube tutorials to help you understand the federation authentication IdPs:
How do I set up Google as a federated identity provider in an Amazon Cognito user pool? https://aws.amazon.com/premiumsupport/knowledge-center/cognito-google-social-identity-provider/
Single Sign On (SSO) with Facebook on AWS Cognito | AWS | Angular: https://www.youtube.com/watch?v=atkn2wyGdGc
Integrating Social Media to your App with AWS Cognito: https://medium.com/wolox/integrating-social-media-to-your-app-with-aws-cognito-8943329aa89b
You will then have to configure the app URLs as callback URLs in the user pool. When you authenticate with the Hosted UI, post authentication, the code/tokens are sent as a query/anchor parameter via a GET request to the configured callback URL (if you have multiple callback URLs, at runtime, Cognito checks "redirect_uri" in the authentication request and sends the code/token there).
For mobile applications, you can configure a callback URL such as "myapp://example". With this configuration, and proper deep links defined (via intent-filter in Android), the Hosted UI in the browser will initiate a GET request to the app callback URL. This will trigger the application, and you can consume the request data (including the code/token) in the application.
If you have a custom UI using the Cognito/Amplify SDK behind the scenes, you have to do a lot of work to listen for and exchange Cognito-issued JWTs on the server where your app is deployed. Cognito user pools currently only support client-side SP-initiated SSO. "Client-side" means that the federation authentication request has to be made from the client side. You can't use the SDK to send a federation authentication request to Facebook or another IdP from the server side (Cognito SDK, i.e. amazon-cognito-identity-js). For example, our current open-source framework Amplify uses "amazon-cognito-identity-js" behind the scenes, and it does support Apple, Facebook and Google as its social logins:
Social sign-in (OAuth): https://docs.amplify.aws/lib/auth/social/q/platform/js#setup-your-auth-provider
Nevertheless, the SDK can only open a browser window redirecting the user to the target IdP (e.g. Facebook, Google, Apple). The user has to complete the verification on the IdP sign-in page, and then gets redirected back to the Cognito user pool to complete the whole federation authentication process.
You can also use frameworks such as Amplify Authorization, which provides managed workflows for authentication and integration with the Hosted UI. Please refer to [4] for the Amplify reference.
If you still face issues getting this working, I recommend:
- Ensure that your Lambda functions are properly configured and triggered by Cognito events.
- In Cognito, make sure that the callback URLs are correctly configured to point to your application. Mismatches in the URLs can cause issues in the authentication flow.
- Check if the frontend of your application correctly handles the authentication tokens (ID Token, Access Token) returned by Cognito.
References
[2] https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social-idp.html
[3] Add Social Sign-in to a User Pool: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-configuring-federation-with-social-idp.html
[4] https://docs.amplify.aws/lib/auth/getting-started/q/platform/android/
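The callback handling described in the answer above, sketched as an added example that is not part of the original answer or of any AWS SDK: it builds a Hosted UI authorization-code request with PKCE, then validates the deep link that comes back before preparing the token exchange. The domain, client ID and the function names `start_login` and `handle_callback` are assumptions; only the `myapp://example` callback format comes from the answer.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholders, not values from the post.
DOMAIN = "https://example-domain.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "myapp://example"  # callback URL format used in the answer


def start_login():
    """Return (authorize_url, session) for a code + PKCE sign-in via the Hosted UI."""
    verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    state = secrets.token_urlsafe(16)  # ties the callback to this sign-in attempt
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid",
        "state": state, "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{DOMAIN}/oauth2/authorize?{query}", {"state": state, "verifier": verifier}


def handle_callback(callback_url, session):
    """Validate the deep link; return (token_url, form_fields) for the POST."""
    parts, expected = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if parts[:3] != expected[:3]:  # scheme, host and path must match exactly
        raise ValueError("callback does not match the registered redirect URI")
    if parts.fragment:  # implicit-grant tokens arrive in the fragment
        raise ValueError("tokens in the URL fragment are not accepted")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError("sign-in failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: response not tied to this sign-in")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    form = {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "code": codes[0], "redirect_uri": REDIRECT_URI,
            "code_verifier": session["verifier"]}
    return f"{DOMAIN}/oauth2/token", form
```

The returned form fields are sent as an `application/x-www-form-urlencoded` POST to the token endpoint; the ID and access tokens in the response should have their signature, issuer and audience verified before the app trusts them.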