Having trouble with Cognito Login authorizing in Unity app

0

I've been having a hard time trying to get Cognito login to work. We've gone from using Google sign in, to using Facebook sign in, to using just a single Guest sign in, to now.

Those methods (Facebook and Google) have had SDK bugs and issues where we've thought of just implementing a Cognito sign in to our app which we (in time) want to use as a white label to access other apps and our website as well. My latest attempt allowed me to log and see my test user added to the UserPool (User Name, Email) and get a userSub value returned to my console, but loading and loggers don't trigger and app just stalls there.

I'm not sure if the issue is with Lambda perhaps not triggering a response or Loaders not loading parameters correctly?

James
asked 10 months ago · 385 views
1 Answer
0

Hello,

I understand you're experiencing challenges in integrating Cognito for social sign-ins in your app. You are creating a user pool for authentication to your Unity based app.

Cognito User pool supports adding social providers such as Google, Facebook, Amazon and Apple. In addition to that, you can also enable UI managed by Cognito to use login/logout/register web pages as provided by Cognito, which is referred to as Amazon Cognito Hosted UI. This also requires you to set up a user pool domain.

To enable Hosted UI for your user pool and enable a user pool domain, you can follow the steps listed in document [1] via the console.

You can also integrate social providers with the user pool for authentication, and then enable them for your app-client, which will lead to Login via specific Social Identity provider button visible on Hosted UI.

For enabling Social Identity providers, you can follow the document listed at [2], which includes the following steps:

  • Prerequisites
  • Step 1: Register with a social IdP
  • Step 2: Add a social IdP to your user pool
  • Step 3: Test your social IdP configuration

The given documents [2][3] include steps to enable Facebook, Amazon, Google and Apple as social providers.

I am also sharing a couple of third-party documents and YouTube tutorials to help you understand federated authentication with IdPs:

How do I set up Google as a federated identity provider in an Amazon Cognito user pool? https://aws.amazon.com/premiumsupport/knowledge-center/cognito-google-social-identity-provider/
Single Sign On (SSO) with Facebook on AWS Cognito | AWS | Angular: https://www.youtube.com/watch?v=atkn2wyGdGc

Integrating Social Media to your App with AWS Cognito: https://medium.com/wolox/integrating-social-media-to-your-app-with-aws-cognito-8943329aa89b

You will then have to configure App URLs as callback URLs in user pool. When you authenticate with Hosted UI, post authentication, the code/tokens are sent as query/anchor parameter via a GET request to the configured callback URL (if you have multiple callback URLs, at runtime, Cognito checks "redirect_uri" in authentication request and sends code/token there).

For mobile applications, you can configure a callback URL such as "myapp://example". With this configuration, and proper deep links defined (via intent-filter in Android), Hosted UI in the browser will initiate a GET request to the app callback URL. This will trigger the application, and you can consume the request data (including the code/token) in the application.

If you have a custom UI using the Cognito/Amplify SDK behind the scenes, you have to do a lot of work to listen for and exchange Cognito-issued JWTs on the server where your app is deployed. Cognito user pools currently only support client-side SP-initiated SSO. "Client-side" means that the federation authentication request has to be made from the client side. You can't use the SDK to send a federation authentication request to Facebook or another IdP from the server side (Cognito SDK, i.e. amazon-cognito-identity-js). For example, our current open-source framework Amplify uses "amazon-cognito-identity-js" behind the scenes, and it does support Apple, Facebook and Google as its social logins:

Social sign-in (OAuth): https://docs.amplify.aws/lib/auth/social/q/platform/js#setup-your-auth-provider 

Nevertheless, the SDK can only open a browser window redirecting the user to the target IdP (e.g. Facebook, Google, Apple). The user has to complete the verification on the IdP sign-in page, and then gets redirected back to the Cognito user pool to complete the whole federation authentication process.

You can also use frameworks such as Amplify Authorization, which provides managed workflows for authentication and integration with Hosted UI. Please refer to [4] for the Amplify reference.

If you still face issues getting this working, I recommend:

  1. Ensure that your Lambda functions are properly configured and triggered by Cognito events.
  2. In Cognito, make sure that the callback URLs are correctly configured to point to your application. Mismatches in the URLs can cause issues in the authentication flow.
  3. Check if the frontend of your application correctly handles the authentication tokens (ID Token, Access Token) returned by Cognito.

References

[1] https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html#cognito-user-pools-create-an-app-integration

[2] https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social-idp.html

[3] Add Social Sign-in to a User Pool: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-configuring-federation-with-social-idp.html

[4] https://docs.amplify.aws/lib/auth/getting-started/q/platform/android/

AWS
Priya_s
answered 10 months ago
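
The callback handling the answer describes (the code arriving as a query parameter on the `myapp://example` deep link, plus recommendations 2 and 3), as an added C# example that is not part of the original answer or any AWS code. It assumes the authorization-code grant with PKCE; the class, method and client-ID names are hypothetical, and the callback URL in `Main` is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example; class, method and client-ID names are hypothetical.
public static class CognitoCallback
{
    const string RedirectUri = "myapp://example"; // must equal a callback URL on the app client
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    // Random value used for `state` and for the PKCE code_verifier.
    public static string NewSecret()
    {
        var buf = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);
        return B64Url(buf);
    }
    // code_challenge sent to /oauth2/authorize with code_challenge_method=S256.
    public static string Challenge(string verifier) =>
        B64Url(SHA256.Create().ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    // Validates the deep link; returns the form body to POST to /oauth2/token.
    public static string HandleDeepLink(string url, string expectedState, string verifier, string clientId)
    {
        if (!url.StartsWith(RedirectUri + "?", StringComparison.Ordinal))
            throw new InvalidOperationException("not the registered callback URL");
        var q = new Dictionary<string, string>();
        foreach (var pair in url.Substring(RedirectUri.Length + 1).Split('#')[0].Split('&'))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            q[Uri.UnescapeDataString(kv[0])] = kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
        }
        if (q.TryGetValue("error", out var err))
            throw new InvalidOperationException("authorization failed: " + err);
        if (!q.TryGetValue("state", out var state) || state != expectedState)
            throw new InvalidOperationException("state mismatch: not this login attempt");
        if (!q.TryGetValue("code", out var code) || code.Length == 0)
            throw new InvalidOperationException("callback carries no authorization code");
        return "grant_type=authorization_code&client_id=" + Uri.EscapeDataString(clientId)
             + "&code=" + Uri.EscapeDataString(code) + "&redirect_uri=" + Uri.EscapeDataString(RedirectUri)
             + "&code_verifier=" + Uri.EscapeDataString(verifier);
    }
    // Constructed callback, shaped like the Hosted UI redirect for this login attempt.
    public static void Main()
    {
        string state = NewSecret(), verifier = NewSecret();
        Console.WriteLine(HandleDeepLink(RedirectUri + "?code=EXAMPLE-CODE&state=" + state, state, verifier, "EXAMPLE_CLIENT_ID"));
    }
}
```

In a Unity build the URL would come from the `Application.deepLinkActivated` event, and `expectedState` and `verifier` must be the values stored when the login was started. A thrown exception here is a useful log point when the app appears to stall after the redirect.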
