AWS Cognito with Social Identity Provider

Introduction

This document offers comprehensive guidance for configuring AWS Cognito to utilise Google and Facebook as social identity providers. These steps will enable seamless authentication, allowing users to access AWS Cognito services using their respective Google or Facebook credentials.

Prerequisites

Before proceeding with the setup, make sure the following prerequisites are met:

  • Access to AWS Management Console: an active AWS account with access to the AWS Management Console.
  • Access to Google Developer Console: a valid Google account for the Google Developer Console, where Google is configured as an identity provider.
  • Access to Facebook Developer Console: a valid Facebook account for the Facebook Developer Console, where Facebook is configured as an identity provider.
  • Basic Understanding of AWS Cognito: familiarity with AWS Cognito and its functionality, including user pool management and identity providers.
  • Basic Understanding of Google and Facebook Developer Platforms: fundamental knowledge of both developer platforms for creating and configuring applications.
  • Understanding of Identity Provider Concepts: a basic understanding of identity providers and how they integrate with AWS Cognito for user authentication.

Google Configuration (AWS Cognito Social Identity Provider)

Step 1: Go to Google Developer Console Link

Step 2: Select APIs and Services -> Enabled APIs and Services Tab

Step 3: Select Project

• Create a new project:
  • Enter Project Name, Organization, Location
• Or select an existing project

Step 4: OAuth Consent Screen Tab

• Complete the process
• Select user type:
  • Internal (only people in your organisation can sign in)
  • External (public access; recommended)
• Add email address and save

Step 5: Credentials Tab

1. Create Credentials -> OAuth Client ID
2. Application Type: Web Application
3. Enter Application
4. Add redirect URL: https://<domain name>.auth.<region>.amazoncognito.com/oauth2/idpresponse (Google matches this URL exactly, so it must be identical to the Cognito domain's callback)
5. Click Create and save the generated Client ID and Client Secret

Step 6: AWS Cognito – Sign-in Experience -> Identity Provider (Google)

1. Enter credentials
2. Map required attributes
3. Add the 'email_verified' attribute

Step 7: AWS Cognito App Client Configuration

1. Edit hosted UI
2. Add Google to Identity Providers
3. Save & Exit

Facebook Configuration (AWS Cognito Social Identity Provider)

Step 1: Go to Facebook Developer Console Link

Step 2: Create App

1. Select other options -> Next
2. App type: Consumer
3. Add app name

Step 3: Go to dashboard -> Facebook Login setup

Step 4: Settings Tab

1. Valid OAuth Redirect URIs: https://<domain name>.auth.<region>.amazoncognito.com/oauth2/idpresponse (must match the Cognito callback exactly)
2. Click Save Changes

Step 5: App Settings -> Basic

1. Copy the App ID and App Secret
2. Facebook may ask for your password before revealing the secret; enter it

Step 6: AWS Cognito – Sign-in Experience -> Identity Provider (Facebook)

1. Enter credentials
2. Map required attributes
3. Add the 'email_verified' attribute

Step 7: AWS Cognito App Client Configuration

1. Edit hosted UI
2. Add Facebook to Identity Providers
3. Save & Exit
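The console steps above (Google Steps 5-7 and Facebook Steps 4-7) can also be scripted. The following is an added example, not part of this guide and not AWS's own code: it builds the Cognito callback URL, checks a registered redirect URI against it the way an OAuth provider does (exact match), and assembles the boto3 `create_identity_provider` and `update_user_pool_client` requests for Google and Facebook. User pool id, client id, domain prefix, region, Graph API version and the environment variable names holding the client secrets are placeholders; the Facebook attribute mapping is kept to id and email, so extend it to whatever your Facebook app actually returns when you carry out Step 6.3.

```python
"""Added example: scripted equivalent of the Cognito steps in this guide.
Requires boto3 only when apply() is called; all values below are placeholders."""
import os
from urllib.parse import urlparse


def cognito_idp_redirect_uri(domain_prefix: str, region: str) -> str:
    """Callback URL registered with Google (Step 5.4) and Facebook (Step 4.1)."""
    return f"https://{domain_prefix}.auth.{region}.amazoncognito.com/oauth2/idpresponse"


def redirect_uri_matches(registered: str, requested: str) -> bool:
    """OAuth providers compare redirect URIs exactly (scheme, host, path, query).
    A trailing slash, http instead of https, or a different path is a mismatch;
    only the host is case-insensitive. Use this to sanity-check what you typed
    into the Google/Facebook console before debugging 'redirect_uri_mismatch'."""
    a, b = urlparse(registered), urlparse(requested)
    return (
        a.scheme == b.scheme == "https"
        and a.netloc.lower() == b.netloc.lower()
        and a.path == b.path
        and a.query == b.query
    )


def google_idp_request(user_pool_id: str, client_id: str, client_secret: str) -> dict:
    """Step 6 (Google): provider details plus attribute mapping incl. email_verified.
    Google scopes are space-separated."""
    return {
        "UserPoolId": user_pool_id,
        "ProviderName": "Google",
        "ProviderType": "Google",
        "ProviderDetails": {
            "client_id": client_id,
            "client_secret": client_secret,
            "authorize_scopes": "openid email profile",
        },
        "AttributeMapping": {
            "username": "sub",              # stable Google subject, not the e-mail
            "email": "email",
            "email_verified": "email_verified",  # Step 6.3
        },
    }


def facebook_idp_request(user_pool_id: str, app_id: str, app_secret: str,
                         api_version: str = "v17.0") -> dict:
    """Step 6 (Facebook). Facebook scopes are comma-separated; api_version is a
    placeholder for the Graph API version your app targets."""
    return {
        "UserPoolId": user_pool_id,
        "ProviderName": "Facebook",
        "ProviderType": "Facebook",
        "ProviderDetails": {
            "client_id": app_id,
            "client_secret": app_secret,
            "authorize_scopes": "public_profile,email",
            "api_version": api_version,
        },
        "AttributeMapping": {"username": "id", "email": "email"},
    }


def hosted_ui_client_update(user_pool_id: str, client_id: str, callback_urls: list,
                            logout_urls: list, providers: list) -> dict:
    """Step 7 for both providers: enable the IdPs on the app client's hosted UI.
    update_user_pool_client resets every field you omit to its default, so pass
    the complete OAuth configuration, not just SupportedIdentityProviders."""
    return {
        "UserPoolId": user_pool_id,
        "ClientId": client_id,
        "SupportedIdentityProviders": ["COGNITO", *providers],
        "CallbackURLs": callback_urls,
        "LogoutURLs": logout_urls,
        "AllowedOAuthFlows": ["code"],  # authorization-code flow, not implicit
        "AllowedOAuthScopes": ["openid", "email", "profile"],
        "AllowedOAuthFlowsUserPoolClient": True,
    }


def apply(user_pool_id: str, client_id: str, region: str, callback_urls: list) -> None:
    """Create both providers and wire them to the app client. Secrets come from
    the environment (placeholder variable names) rather than from source code."""
    import boto3  # deferred so the builders above work without boto3 installed
    cip = boto3.client("cognito-idp", region_name=region)
    cip.create_identity_provider(**google_idp_request(
        user_pool_id, os.environ["GOOGLE_CLIENT_ID"], os.environ["GOOGLE_CLIENT_SECRET"]))
    cip.create_identity_provider(**facebook_idp_request(
        user_pool_id, os.environ["FACEBOOK_APP_ID"], os.environ["FACEBOOK_APP_SECRET"]))
    cip.update_user_pool_client(**hosted_ui_client_update(
        user_pool_id, client_id, callback_urls, [], ["Google", "Facebook"]))


if __name__ == "__main__":
    # Placeholder values; set RUN_APPLY=1 with real ids and secrets to execute.
    print(cognito_idp_redirect_uri("<domain name>", "<region>"))
    if os.environ.get("RUN_APPLY") == "1":
        apply("<user pool id>", "<app client id>", "<region>",
              ["https://app.example.com/callback"])
```

The redirect check is the part worth keeping around: most failed social sign-ins at this stage are a registered URI that differs from the Cognito callback by a trailing slash or a wrong region, and the provider reports only a generic mismatch error.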