AWS Cognito with Social Identity Provider

Prerequisites

Before proceeding with the setup, make sure the following prerequisites are met:

1. Access to AWS Management Console:                                                                                                                                      To use AWS services, you need an active AWS account with access to the AWS Management Console.
2. Access to Google Developer Console:                                                                                                                                       A valid Google account to access the Google Developer Console for configuring Google as an identity provider.
3. Access to Facebook Developer Console:                                                                                                                                   A valid Facebook account to access the Facebook Developer Console for setting up Facebook as an identity provider.
4. Basic Understanding of AWS Cognito:                                                                                                                                       Familiarity with AWS Cognito and its functionalities, including user pool management and identity providers.
5. Basic Understanding of Google and Facebook Developer Platforms:                                                                                Fundamental knowledge of the Google and Facebook developer platforms for creating and configuring applications.
6. Understanding of Identity Provider Concepts:                                                                                                                       Basic understanding of identity providers and their integration within AWS Cognito for user authentication.

Google Configuration (AWS Cognito Social Identity Provider)

Step 1: Go to Google Developer Console Link

Step 2: Select APIs and Services -> Enabled APIs and Service Tab

Step 3: Select Project

• Create a new project:
• Enter Project Name, Organization, Location
• Select an existing project

Step 4: OAuth Consent Screen Tab

• Complete the process
• Select user type:
• Internal (only organisational people can access)
• External (public access recommended)
• Add email address and save

Step 5: Credentials Tab

1. Create Credentials -> OAuth Client ID
2. Application Type: Web Application
3. Enter Application
4. Add redirect URL: https://<domain name>.auth.<region>.amazoncognito.com/oauth2/idpresponse
5. Click create, save the generated Client ID and Client Secret

Step 6: AWS Cognito – Sign in Experience -> Identity Provider (Google)

1. Enter credentials
2. Map Required Attributes
3. Add ’email_verified’ attribute

Step 7: AWS Cognito App Client Configuration

1. Edit hosted UI
2. Add Google to Identity Providers
3. Save & Exit

Facebook Configuration (AWS Cognito Social Identity Provider)

Step 1: Go to Facebook Developer Console Link

Step 2: Create App

1. Select other options -> Next
2. App type: Consumer
3. Add app name

Step 3: Go to dashboard -> Facebook Login setup

Step 4: Setting Tab

1. Valid OAuth Redirect URIs: https://<domain name>.auth.<region>.amazoncognito.com/oauth2/idpresponse
2. Click save and changes

Step 5: App Setting -> Basic

1. Get app client and app secret
2. Sometimes it may ask for a password; enter it

Step 6: AWS Cognito – Sign in Experience -> Identity Provider (Facebook)

1. Enter credentials
2. Map Required Attributes
3. Add ’email_verified’ attribute

Step 7: AWS Cognito App Client Configuration

1. Edit hosted UI
2. Add Facebook to Identity Providers
3. Save & Exit