DEV Community

farzana-juthi for AWS Community Builders

Posted on • Updated on

How to integrate gmail with cognito as social authentication (using SAM, python)

In this application, we will learn how to configure google app into AWS cognito.

Installation

  • First, you have to install aws sam cli into your machine.
  • Then configure aws cli.

If you don't have CLI installed and configured into your local machine please follow prerequisite steps from this link

Local Development

  • After installation is done, you have to pull the code from git repository (HTTPS link)
  • Then go to the project directory by using the following command:
    cd <your folder name>
    example: cd authentication
Enter fullscreen mode Exit fullscreen mode
  • Then open template.yaml file and change following (15-20) lines with appropriate data:
    • In line 15 (variable CallBackUrlUserPoolClient), you have to provide the url where google will be redirected after verifying user credential into google side. You can add multiple urls by comma separation.
    • In line 16 (variable LogOutUrlUserPoolClient), you have to provide the url where cognito will be redirected after logout. You can add multiple url by comma separation.
    • In line 17 (variable FIDGoogleClientId), you have to give client id of google app. See How to configure google app
    • In line 18 (variable FIDGoogleClientSecret), you have to give secret client id of google app.
  Example:
    "CallBackUrlUserPoolClient": "http://localhost:4200/dashboard/" 
    "LogOutUrlUserPoolClient": "http://localhost:4200/login/" 
    "FIDGoogleClientId": "816187719480-26d52o4pnfe789ivkjqdm0jqakk19m38.apps.googleusercontent.com" 
    "FIDGoogleClientSecret": "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" 
Enter fullscreen mode Exit fullscreen mode
  • Then give a project name into line 27. Here you have to set the value of the ProjectName parameter. Remember this data will be used to make domain name and domain name need to be unique.
    You must change this value

  • Then open terminal in root folder of this project and run following command:

    sam build
Enter fullscreen mode Exit fullscreen mode
  • If you deploy first time, then you have to run following command:
    sam deploy --guided --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND
Enter fullscreen mode Exit fullscreen mode

If you want to run this command with your predefined profile then command will be

    sam deploy --guided --profile <your_profile_name_without_this_bracket> --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND
Enter fullscreen mode Exit fullscreen mode
  • After running the previous command, you will see that you have to set a stack name. Please give a unique stack name.

step-1

For example: I am giving stack name as auth-app.

step-2

  • Then click enter one after another until SAM configuration environment variable set to default value.

enter-untill-this

  • Then wait for the successful creation of cloudformation stack.
  • If you want to deploy after changes, then you need to build it first and run only deploy command like following: output
    sam build
    sam deploy
Enter fullscreen mode Exit fullscreen mode
  • After successful deployment you will get some output. Save those for further implementation:

output

DomainURL: It's value will be used as domain_url in frontend side
CognitoAppClientID: It's value will be used as cognito_client_id in frontend side
RootAPI: It's value will be used as base_url in frontend side

Update Google APP - Authorized JavaScript origins and Authorized redirect URIs

  • You must have to follow step 11 of this link

Top comments (1)

Collapse
 
garryhammack profile image
Danny Acton • Edited

To integrate Gmail as a social authentication provider with Amazon Cognito using AWS Serverless Application Model (SAM) and Python, you can follow these general steps. This example uses AWS Lambda for serverless functions and Amazon API Gateway for handling API requests and here you can get all the instruction. Remember that this is a high-level overview here of the steps involved in integrating Gmail as a social authentication provider with Amazon Cognito using SAM and Python. Each of these steps requires detailed implementation, and you should refer to official AWS documentation and relevant Python libraries for specific code examples and guidelines. Additionally, consider implementing security best practices to protect user data and authentication flows.