11

I have tried the code below and it's working fine. However, I need to store these signup details within the user pool (additionally, I want to add some custom attributes as well). But I didn't find a proper method to do this.

function signinCallback(authResult) {
    AWS.config.region = 'us-XXXXXXX-1';
    // Add the Google access token to the Cognito credentials login map.
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: 'us-XXXX-1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
        RoleArn: 'arn:aws:iam::XXXXXXXX:role/Cognito_XXXXXXXXXUnauth_Role',
        Logins: {
            'accounts.google.com': authResult['id_token']
        }
    });

    // Obtain AWS credentials
    AWS.config.credentials.get(function (err) {
        alert(err);
        if (err) {
            console.log(err);
        } else {
            //client = new AWS.CognitoSyncManager();
            console.log(AWS.config.credentials);
            console.log("Cognito Identity Id: " + AWS.config.credentials.identityId);
        }
    });
}

<span class="g-signin" data-callback="signinCallback" data-clientid="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XXXXXXX.apps.googleusercontent.com"
   data-cookiepolicy="single_host_origin" data-requestvisibleactions="http://schemas.google.com/AddActivity"
    data-scope="https://www.googleapis.com/auth/plus.login">
</span>

I want to save it here.

enter image description here

mugzi

1 Answer

12

As per your code snippet, you are using Cognito Federated Identities (i.e. Identity Pools) and adding your Google token to the login map. This won't add the Google user to your Cognito Userpool because, in Federated Identities, Cognito Userpool is just another Identity Provider (IdP) like Google. Just as signing up a new user in your userpool does not create a new Google or Facebook account, adding a Google token won't create a new Userpool user. In short, Cognito Userpool is separate from IdentityPool, and activities in IdentityPool (like adding a Google token to the login map) do not affect it.

If you want to add the Google user to your userpool automatically, there is a way to do so. You need to add Google as an Identity Provider to your Userpool directly and use Cognito's built-in (i.e. hosted) UI for login. After this, all Google logins will automatically create a new user in the Userpool. Now, just add your userpool to your Identity Pool, i.e. remove Google from your Identity Pool. In your login map, you will always use a Cognito token. Even when you log in using Google (via the hosted UI), the Google token is sent directly to the userpool and it vends a Cognito token. Also, make sure you specify correct attribute mappings in your userpool.

agent420
  • 6
    Is there a way to accomplish this without using the Hosted UI for login? I think a lot of the mobile examples somehow circumvent the need to do this, but I've had trouble finding examples for doing the same on the web. – Chiubaka Feb 13 '19 at 07:59
  • If you want to use Login with Google/Fb etc. in Cognito Userpool (which is needed to automatically save FB/G+ user in Userpool), you still need to use the Userpool's OAuth endpoint. You can try to bypass the Cognito UI and go directly to Fb/Google login page. See this link: https://stackoverflow.com/questions/47019504/cognito-user-pools-is-it-possible-to-create-a-custom-sign-up-in-form-for-faceb/47035466#47035466 – agent420 Feb 13 '19 at 09:05
  • Is it possible to link the account created with google signin with an account created by an email? – Balaji Kartheeswaran Jun 13 '19 at 13:09
  • You can use the AdminLinkProviderForUser API call for something similar. You need to link Google with the email account BEFORE signing in with Google for the first time. https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html – agent420 Jun 15 '19 at 07:12
  • @agent420 and mugzi: After login using Google sign-in we get the required JWT token, which can be used for further processes. But what about the user data like name, email, mobile, etc., which usually comes from Google sign-in? We also want those details to be stored in our Cognito user pool for further usage. How do we get those using the Cognito Hosted UI login? Please do let me know, as I am stuck with this part. – Niranjan Balkrishna Prajapati Aug 28 '20 at 12:55
  • 1
    Is there any solution for mobile apps if they don't want to use the Hosted UI? For example, an Android app will use the Google SDK for Google sign-in and receive an idtoken from that. This token can be sent to and validated by the backend as per this document: https://developers.google.com/identity/sign-in/android/backend-auth But how do we create a user in the cloud backend (in the Cognito user pool) using this idtoken? – Khushbu Shah Aug 17 '21 at 08:59
  • The first link is broken. Seems there isn't a way to add Google as an IDP without using hosted UI? – newguy Dec 20 '22 at 15:52
  • Updated the link and yes, there is no way to use social login without hosted UI – agent420 Dec 28 '22 at 10:22
  • That is not true. You can use social sign-in without the hosted UI from Amazon. For that, you can use the AWS Amplify library and sign in against Google using `federatedSignIn`. – Server Khalilov Jan 12 '23 at 08:32
  • No, that call still uses the Authorization endpoint of Cognito UI; it's just that you can bypass the UI and go to Google directly using the idp parameter. In essence, it is still using the UI. – agent420 Jan 16 '23 at 08:37
  • Is there any way to use AWS Cognito sign-in with Google or Facebook without the hosted UI by AWS Cognito? – Hardik Desai Apr 21 '23 at 12:57
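
The flow described in the answer and its comments, as an added example that is not part of the original posts: the browser goes to the user pool's `/oauth2/authorize` endpoint with `identity_provider=Google`, the callback is accepted only if `state` matches, and the resulting Cognito ID token (not the Google one) is what goes into the identity pool login map. All values in `cfg` are constructed placeholders, and the scopes are assumed to be enabled on the app client.

```javascript
// Added example. Every value in cfg is a constructed placeholder.
const cfg = {
  region: 'us-east-1',
  userPoolId: 'us-east-1_EXAMPLE',
  domain: 'https://example.auth.us-east-1.amazoncognito.com',
  clientId: 'EXAMPLECLIENTID',
  redirectUri: 'https://app.example.com/callback',
};

// Step 1: URL of the user pool's authorize endpoint. identity_provider=Google
// skips the hosted sign-in page and redirects straight to Google.
// `state` must be a fresh random value kept in the browser session.
function buildAuthorizeUrl(cfg, state) {
  const url = new URL('/oauth2/authorize', cfg.domain);
  url.search = new URLSearchParams({
    identity_provider: 'Google',
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: 'openid email profile', // assumed to be allowed on the app client
    state,
  }).toString();
  return url.toString();
}

// Step 2: on the redirect back, accept the authorization code only when the
// returned state equals the one issued in step 1 (login CSRF check).
function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error('authorize failed: ' + params.get('error'));
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  return code;
}

// Step 3: after exchanging the code at /oauth2/token, the Cognito ID token
// goes into the identity pool login map under the user pool's provider name.
function buildLogins(cfg, cognitoIdToken) {
  const provider = `cognito-idp.${cfg.region}.amazonaws.com/${cfg.userPoolId}`;
  return { [provider]: cognitoIdToken };
}
```

The map returned by `buildLogins` takes the place of the `'accounts.google.com'` entry in the `Logins` object from the question.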