How to integrate Gmail with Cognito as social authentication (using SAM, Python)

In this application, we will learn how to configure a Google app in AWS Cognito.

Installation

  • First, install the AWS SAM CLI on your machine.

  • Then configure the AWS CLI.

If you don't have the CLI installed and configured on your local machine, please follow the prerequisite steps from this link

Local Development

  • After installation is done, pull the code from the git repository (HTTPS link)

  • Then go to the project directory by using the following command:

        cd <your folder name>
        example: cd authentication
    
  • Then open the template.yaml file and change the following lines (15-20) with appropriate data:

    • In line 15 (variable CallBackUrlUserPoolClient), provide the URL to which the user is redirected after Google has verified the user's credentials. You can add multiple URLs separated by commas. Cognito accepts only HTTPS callback URLs, with http://localhost as the exception for local testing.

    • In line 16 (variable LogOutUrlUserPoolClient), provide the URL to which Cognito redirects after logout. You can add multiple URLs separated by commas.

    • In line 17 (variable FIDGoogleClientId), provide the client ID of the Google app. See How to configure google app

    • In line 18 (variable FIDGoogleClientSecret), provide the client secret of the Google app. This value is a credential, so keep the real secret out of version control.

    Example:
      "CallBackUrlUserPoolClient": "http://localhost:4200/dashboard/" 
      "LogOutUrlUserPoolClient": "http://localhost:4200/login/" 
      "FIDGoogleClientId": "816187719480-26d52o4pnfe789ivkjqdm0jqakk19m38.apps.googleusercontent.com" 
      "FIDGoogleClientSecret": "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"
  • Then set a project name in line 27, which holds the value of the ProjectName parameter. This value is used to build the domain name, and the domain name must be unique, so you must change it.

  • Then open a terminal in the root folder of this project and run the following command:

        sam build
    
  • If you are deploying for the first time, run the following command:

        sam deploy --guided --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND
    

    If you want to run this command with a predefined profile, the command is:

        sam deploy --guided --profile <your_profile_name_without_this_bracket> --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND
    
  • After running the previous command, you will be asked to set a stack name. Please give a unique stack name.

    For example: I am giving the stack name as auth-app.

  • Then press Enter at each prompt until every SAM configuration value has been set to its default.

  • Then wait for the successful creation of the CloudFormation stack.

  • If you want to deploy after making changes, build first and then run only the deploy command, as follows:

        sam build
        sam deploy

  • After successful deployment you will get some output. Save those values for further implementation:

    • DomainURL: Its value will be used as domain_url on the frontend side

    • CognitoAppClientID: Its value will be used as cognito_client_id on the frontend side

    • RootAPI: Its value will be used as base_url on the frontend side
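
A pre-deploy check for the values edited in template.yaml above, as an added example (not code from this repository). It assumes the values are passed in as a plain dict, that logout URLs follow the same rule as callback URLs, and that ProjectName is used directly as the Cognito domain prefix; `check_url`, `check_params` and `SAMPLE` are hypothetical names.

```python
import re
from urllib.parse import urlsplit

RESERVED = ("aws", "amazon", "cognito")  # words Cognito rejects in a domain prefix
PREFIX_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def check_url(url):
    """Return a problem string for one callback/logout URL, or None if acceptable."""
    parts = urlsplit(url)
    if not parts.hostname:
        return f"{url!r}: not an absolute URL"
    if parts.fragment:
        return f"{url!r}: fragments are not allowed"
    if parts.scheme != "https" and (parts.scheme, parts.hostname) != ("http", "localhost"):
        return f"{url!r}: must be https (http is accepted for localhost only)"
    return None

def check_params(params):
    """Validate the four template.yaml values plus ProjectName; return a list of problems."""
    problems = []
    for key in ("CallBackUrlUserPoolClient", "LogOutUrlUserPoolClient"):
        urls = [u.strip() for u in params.get(key, "").split(",") if u.strip()]
        if not urls:
            problems.append(f"{key}: no URL given")
        for url in urls:
            msg = check_url(url)
            if msg:
                problems.append(f"{key}: {msg}")
    if not params.get("FIDGoogleClientId", "").endswith(".apps.googleusercontent.com"):
        problems.append("FIDGoogleClientId: not a Google OAuth client ID")
    secret = params.get("FIDGoogleClientSecret", "")
    if not secret or secret != secret.strip() or secret.startswith("<"):
        problems.append("FIDGoogleClientSecret: empty, padded or still a placeholder")
    name = params.get("ProjectName", "")
    if not PREFIX_RE.match(name) or any(w in name for w in RESERVED):
        problems.append("ProjectName: not usable as a Cognito domain prefix")
    return problems

# Constructed sample values (not real credentials).
SAMPLE = {
    "CallBackUrlUserPoolClient": "http://localhost:4200/dashboard/, http://app.example.com/dashboard/",
    "LogOutUrlUserPoolClient": "https://app.example.com/login/",
    "FIDGoogleClientId": "000000000000-example.apps.googleusercontent.com",
    "FIDGoogleClientSecret": "<client-secret>",
    "ProjectName": "My_Cognito_App",
}

if __name__ == "__main__":
    for problem in check_params(SAMPLE):
        print(problem)
```

Run it before `sam build`; an empty result means the values pass these checks, not that the Google app itself is configured correctly.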

Update Google App - Authorized JavaScript origins and Authorized redirect URIs

  • You must follow step 11 of this link