In this application, we will learn how to configure a Google app in AWS Cognito.
Installation
- First, install the AWS SAM CLI on your machine.
- Then configure the AWS CLI.
If you don't have the CLI installed and configured on your local machine, please follow the prerequisite steps from this link
Local Development
- After installation is done, pull the code from the git repository (HTTPS link)
- Then go to the project directory by using the following command:
cd <your folder name>
Example: cd authentication
- Then open the template.yaml file and change the following lines (15-20) with appropriate data:
- In line 15 (variable CallBackUrlUserPoolClient), provide the URL to which Google will redirect after verifying the user's credentials on the Google side. You can add multiple URLs separated by commas.
- In line 16 (variable LogOutUrlUserPoolClient), provide the URL to which Cognito will redirect after logout. You can add multiple URLs separated by commas.
- In line 17 (variable FIDGoogleClientId), provide the client ID of the Google app. See How to configure google app
- In line 18 (variable FIDGoogleClientSecret), provide the client secret of the Google app.
Example:
"CallBackUrlUserPoolClient": "http://localhost:4200/dashboard/"
"LogOutUrlUserPoolClient": "http://localhost:4200/login/"
"FIDGoogleClientId": "816187719480-26d52o4pnfe789ivkjqdm0jqakk19m38.apps.googleusercontent.com"
"FIDGoogleClientSecret": "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"
Then give a project name in line 27. Here you have to set the value of the ProjectName parameter. Remember that this value will be used to build the domain name, and the domain name needs to be unique.
You must change this value.
- Then open a terminal in the root folder of this project and run the following command:
sam build
- If you are deploying for the first time, run the following command:
sam deploy --guided --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND
If you want to run this command with a predefined profile, the command will be:
sam deploy --guided --profile <your_profile_name_without_this_bracket> --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND
- After running the previous command, you will be asked to set a stack name. Please give a unique stack name.
For example, I am using auth-app as the stack name.
- Then press Enter at each prompt until the SAM configuration environment is set to its default value.
- Then wait for the CloudFormation stack to be created successfully.
- If you want to deploy again after making changes, build first and then run only the deploy command, as follows:
sam build
sam deploy
- After a successful deployment you will get some outputs. Save them for further implementation:
DomainURL: Its value will be used as domain_url on the frontend side
CognitoAppClientID: Its value will be used as cognito_client_id on the frontend side
RootAPI: Its value will be used as base_url on the frontend side
Update Google App - Authorized JavaScript origins and Authorized redirect URIs
- You must follow step 11 of this link
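A pre-deployment check for the template.yaml values described above, written as an added example (not code from the original project). It applies Cognito's rules that redirect URLs must be absolute, fragment-free and HTTPS except for http://localhost, and that a domain prefix may contain only lowercase letters, digits and hyphens and none of the words aws, amazon or cognito. The function names, the sample values and the assumption that ProjectName is used unchanged as the domain prefix are illustrative.

```python
import re
from urllib.parse import urlsplit

# Cognito domain prefix: lowercase letters, digits and hyphens, 1-63 characters.
DOMAIN_PREFIX_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
RESERVED_WORDS = ("aws", "amazon", "cognito")  # not allowed inside a domain prefix

def check_redirect_urls(name, value):
    """Return the problems found in one comma-separated URL parameter."""
    problems = []
    for url in (u.strip() for u in value.split(",")):
        parts = urlsplit(url)
        if not parts.scheme or (parts.scheme in ("http", "https") and not parts.hostname):
            problems.append(f"{name}: '{url}' is not an absolute URI")
        elif parts.scheme == "http" and parts.hostname != "localhost":
            problems.append(f"{name}: '{url}' must use https (http only for localhost)")
        if "#" in url:
            problems.append(f"{name}: '{url}' must not contain a fragment")
    return problems

def check_params(params):
    """Check the values the tutorial places in template.yaml before deploying."""
    problems = []
    for key in ("CallBackUrlUserPoolClient", "LogOutUrlUserPoolClient"):
        problems += check_redirect_urls(key, params.get(key, ""))
    if not params.get("FIDGoogleClientId", "").endswith(".apps.googleusercontent.com"):
        problems.append("FIDGoogleClientId: expected *.apps.googleusercontent.com")
    if not params.get("FIDGoogleClientSecret"):
        problems.append("FIDGoogleClientSecret: value is empty")
    # Assumption: ProjectName is used unchanged as the Cognito domain prefix.
    project = params.get("ProjectName", "")
    if not DOMAIN_PREFIX_RE.match(project):
        problems.append("ProjectName: use 1-63 lowercase letters, digits or hyphens")
    elif any(word in project for word in RESERVED_WORDS):
        problems.append("ProjectName: must not contain aws, amazon or cognito")
    return problems

# Constructed sample values (placeholders, not real credentials).
SAMPLE = {
    "CallBackUrlUserPoolClient": "http://localhost:4200/dashboard/, http://app.example.com/dashboard/",
    "LogOutUrlUserPoolClient": "https://app.example.com/login/",
    "FIDGoogleClientId": "000000000000-placeholder.apps.googleusercontent.com",
    "FIDGoogleClientSecret": "placeholder-secret",
    "ProjectName": "auth-cognito-demo",
}

if __name__ == "__main__":
    for problem in check_params(SAMPLE):
        print(problem)
```

Run it with the values you are about to put in template.yaml; an empty result means none of these checks failed.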
Top comments (1)
To integrate Gmail as a social authentication provider with Amazon Cognito using AWS Serverless Application Model (SAM) and Python, you can follow these general steps. This example uses AWS Lambda for serverless functions and Amazon API Gateway for handling API requests and here you can get all the instructions. Remember that this is a high-level overview here of the steps involved in integrating Gmail as a social authentication provider with Amazon Cognito using SAM and Python. Each of these steps requires detailed implementation, and you should refer to official AWS documentation and relevant Python libraries for specific code examples and guidelines. Additionally, consider implementing security best practices to protect user data and authentication flows.