AWS Cognito + google signup

11,650

As per your code snippet, you are using Cognito Federated Identities (i.e. Identity Pools) and adding your Google token to the login map. This won't add the Google user to your Cognito Userpool because, in Federated Identities, the Cognito Userpool is just another Identity Provider (IdP) like Google. Just as signing up a new user in your userpool does not create a new Google or Facebook account, adding a Google token won't create a new Userpool user. In short, the Cognito Userpool is separate from the Identity Pool, and activities in the Identity Pool (like adding a Google token to the login map) do not affect it.

If you want to add Google users to your userpool automatically, there is a way to do so. You need to add Google as an Identity Provider to your Userpool directly and use Cognito's built-in (i.e. hosted) UI for login. After this, all Google logins will automatically create a new user in the Userpool. Now, just add your userpool to your Identity Pool, i.e. remove Google from your Identity Pool. In your login map, you will always use a Cognito token. Even when you log in using Google (via the hosted UI), the Google token is sent directly to the userpool and it vends a Cognito token. Also, make sure you specify correct attribute mappings in your userpool.
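The flow described in this answer, as an added example that is not part of the original answer or of any AWS sample: the browser is sent to the user pool's `/oauth2/authorize` endpoint with Google as the provider, and the identity pool login map is then keyed by the user pool rather than by `accounts.google.com`. The domain, pool ID, client ID and redirect URI are constructed placeholders, and the helper names are hypothetical.

```javascript
// Constructed placeholder configuration; none of these values come from the page.
const cfg = {
  domain: 'example-app.auth.us-east-1.amazoncognito.com', // user pool hosted-UI domain
  region: 'us-east-1',
  userPoolId: 'us-east-1_EXAMPLE',
  clientId: 'exampleclientid',
  redirectUri: 'https://app.example.com/callback',
};

// Step 1: send the browser to the user pool's OAuth endpoint. identity_provider
// skips the Cognito-rendered page; the user pool still receives the Google
// token, creates the user on first login, and issues its own tokens.
function buildAuthorizeUrl(c, state) {
  const url = new URL(`https://${c.domain}/oauth2/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: c.clientId,
    redirect_uri: c.redirectUri,
    scope: 'openid email profile',
    identity_provider: 'Google',
    state, // caller-generated random value, compared again on the callback
  }).toString();
  return url.toString();
}

// Name under which an identity pool knows this user pool.
function userPoolProviderName(c) {
  return `cognito-idp.${c.region}.amazonaws.com/${c.userPoolId}`;
}

// Decode (NOT verify) the JWT payload. Cognito Identity verifies the signature
// server-side; this is only a client-side check of which issuer minted it.
function decodeClaims(jwt) {
  const part = jwt.split('.')[1];
  if (!part) throw new Error('not a JWT');
  return JSON.parse(atob(part.replace(/-/g, '+').replace(/_/g, '/')));
}

// Step 2: build the Logins map from the user pool ID token. A raw Google token
// is rejected here, which is the mistake discussed in the answer.
function buildLogins(idToken, c) {
  const provider = userPoolProviderName(c);
  const claims = decodeClaims(idToken);
  if (claims.iss !== `https://${provider}` || claims.token_use !== 'id') {
    throw new Error(`expected a user pool ID token, got iss=${claims.iss}`);
  }
  return { [provider]: idToken };
}
```

The returned object is what goes in the `Logins` field of `AWS.CognitoIdentityCredentials` in place of the `'accounts.google.com'` entry.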


Author: mugzi

C#, ASP.net Developer and Associate Team lead in a Development Team. I like to do research-type projects and come up with solutions.

Updated on September 16, 2022

Comments

  • mugzi
    mugzi over 1 year

    I have tried the code below and it's working fine. However, I need to store these signup details within the user pool (additionally, I want to add some custom attributes as well). But I didn't find a proper method to do this.

    function signinCallback(authResult) {
        AWS.config.region = 'us-XXXXXXX-1';
        // Add the Google ID token to the Cognito credentials login map.
        AWS.config.credentials = new AWS.CognitoIdentityCredentials({
            IdentityPoolId: 'us-XXXX-1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
            RoleArn: 'arn:aws:iam::XXXXXXXX:role/Cognito_XXXXXXXXXUnauth_Role',
            Logins: {
                'accounts.google.com': authResult['id_token']
            }
        });

        // Obtain AWS credentials
        AWS.config.credentials.get(function (err) {
            if (err) {
                // Report the failure only when there is one.
                alert(err);
                console.log(err);
            } else {
                //client = new AWS.CognitoSyncManager();
                console.log(AWS.config.credentials);
                console.log("Cognito Identity Id: " + AWS.config.credentials.identityId);
            }
        });
    }

    <span class="g-signin" data-callback="signinCallback" data-clientid="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XXXXXXX.apps.googleusercontent.com"
        data-cookiepolicy="single_host_origin" data-requestvisibleactions="http://schemas.google.com/AddActivity"
        data-scope="https://www.googleapis.com/auth/plus.login">
    </span>

    I want to save it here.


  • Chiubaka
    Chiubaka about 5 years
    Is there a way to accomplish this without using the Hosted UI for login? I think a lot of the mobile examples somehow circumvent the need to do this, but I've had trouble finding examples for doing the same on the web.
  • agent420
    agent420 about 5 years
    If you want to use Login with Google/Fb etc. in Cognito Userpool (which is needed to automatically save FB/G+ user in Userpool), you still need to use the Userpool's OAuth endpoint. You can try to bypass the Cognito UI and go directly to Fb/Google login page. See this link: stackoverflow.com/questions/47019504/…
  • Balaji Kartheeswaran
    Balaji Kartheeswaran almost 5 years
    Is it possible to link the account created with google signin with an account created by an email?
  • agent420
    agent420 almost 5 years
    You can use AdminLinkProviderForUser API call for something similar. You need to link Google with the email account BEFORE signing in with Google for the first time. docs.aws.amazon.com/cognito-user-identity-pools/latest/…
  • Niranjan Balkrishna Prajapati
    Niranjan Balkrishna Prajapati over 3 years
    @agent420 and mugzi After logging in using Google sign-in we get the required JWT token, which can be used for further processes. But what about the user data like name, email, mobile, etc., which usually comes from Google sign-in? We also want those details to be stored in our Cognito user pool for further usage. How do we get those using the Cognito Hosted UI login? Please do let me know, as I am stuck with this part.
  • Khushbu Shah
    Khushbu Shah over 2 years
    Is there any solution for mobile apps if they don't want to use HostedUI? For example, an Android app will use the Google SDK for Google sign-in and receive an idtoken from that. This token can be sent to and validated by the backend as per this document: developers.google.com/identity/sign-in/android/backend-auth But how to create a user in the cloud backend (in the Cognito user pool) using this idtoken?