Help in verification of amazoncognito.com domain for Google OAuth verification

0

Hi, we are using AWS Cognito as an identity provider, with social IdP options available. In order to verify the Google OAuth screen, we are requested to verify the custom domain and amazoncognito.com. We have verified the custom domain and have trouble going past amazoncognito.com. Can anyone suggest how we can get around this? Will dropping the domain from the OAuth consent screen break any functionality? And we use the hosted UI. Thanks in advance.

Asked 2 years ago, 985 views
1 answer
1
Accepted answer

Hello,

I understand that you are using sign-in with Google IdP for a Cognito user pool, that Google is requesting you to verify your domain, and that you currently want to verify the Cognito-provided domains *.auth.<region>.amazoncognito.com.

Firstly, the apex domain and subdomains of *.auth.<region>.amazoncognito.com are owned by AWS and are used as a generic default domain for customers' Cognito user pools; unfortunately it is not possible to verify domain ownership for a specific customer, as the domain is not really owned by a specific customer in the public domain registrar.

Secondly, from checking the Google documentation for domain verification (either the host-specific or the generic method), it requires adding a TXT record with a value generated by Google to your domain's DNS records. If this is not the method of Google domain verification for your application, please kindly share the specific documentation if possible.

This means that instead of using the Cognito-provided domain *.auth.eu-central-1.amazoncognito.com, you can use your own custom domain name if you have control of your domain. The detailed steps for using your own custom domain in a Cognito user pool can be found here [1].

For example, something like test-example-auth-dev.myowndomain.com in the Cognito user pool, so that your application will use your own domain name. However, I can see from your re:Post message itself that you have already verified the custom domain.

To summarize: when the custom domain is successfully activated in your Cognito user pool, both your custom domain and the previous Cognito-managed amazoncognito.com domain can be used for user login. However, because amazoncognito.com cannot be used for Google domain verification, you will need to change your Google app to use your custom domain instead of amazoncognito.com.

I hope the above shared information is insightful to your query. Please feel free to reach out if you have any questions!

References:

[1] https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html

AWS
Support Engineer
Yash_C
Answered 2 years ago
  • Thanks for the reply. Assuming your suggestion is to provide Google with the custom domain only, that is exactly what we are trying now. However, the question was asked because, according to the AWS docs, we are instructed to provide both the custom domain and the Cognito domain, hence not registering the Cognito domain with Google might raise issues with functionality. However, though it is too early to decide, we have not had any issues by not providing the Cognito domain to Google. Will get back here to share our experience if anything goes wrong.
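The answer above makes two checkable points: a `*.auth.<region>.amazoncognito.com` host is AWS-owned and can never carry your Google verification TXT record, while a custom domain only passes verification once the `google-site-verification=` record is actually resolvable. The following is an added example, not code from AWS, re:Post or the poster, that performs those two checks before you submit a domain to the Google consent screen. It assumes the Cognito prefix-domain shape `<prefix>.auth[-fips].<region>.amazoncognito.com`, takes the TXT answers in the form printed by `dig +short TXT <domain>`, and uses a constructed sample answer set with a placeholder token in place of the value Google would generate.

```python
import re
from typing import Iterable, List, Optional

# Assumed shape of the Cognito-provided hosted UI domain described in the answer:
# <prefix>.auth.<region>.amazoncognito.com (FIPS endpoints use "auth-fips").
# These names are registered to AWS, so you cannot place a TXT record under them.
COGNITO_MANAGED_RE = re.compile(
    r"^[a-z0-9-]+\.auth(?:-fips)?\.[a-z0-9-]+\.amazoncognito\.com$", re.IGNORECASE
)

# Record prefix used by Google's DNS (TXT) domain verification method.
GOOGLE_TXT_PREFIX = "google-site-verification="

# Constructed sample of `dig +short TXT auth.myowndomain.com` output; the token is
# a placeholder standing in for the value Google generates for your property.
SAMPLE_DIG_OUTPUT = [
    '"v=spf1 include:_spf.example.com -all"',
    '"google-site-verification=EXAMPLE-TOKEN-PLACEHOLDER"',
    '"long-record-part-one" "part-two"',   # one record split into two chunks
]


def is_cognito_managed_domain(host: str) -> bool:
    """True when host is an AWS-owned Cognito prefix domain (not verifiable by you)."""
    return COGNITO_MANAGED_RE.match(host.strip().rstrip(".")) is not None


def parse_txt_answers(dig_lines: Iterable[str]) -> List[str]:
    """Turn `dig +short TXT` answer lines into plain record strings.

    A TXT answer is one or more double-quoted character strings; a single record
    longer than 255 bytes is split into several quoted chunks on one line, which
    must be concatenated. Backslash-escaped quotes inside a chunk are unescaped.
    """
    records: List[str] = []
    for line in dig_lines:
        line = line.strip()
        if not line:
            continue
        chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        if not chunks:
            continue
        records.append("".join(c.replace('\\"', '"') for c in chunks))
    return records


def find_google_verification(records: Iterable[str],
                             expected_token: Optional[str] = None) -> Optional[str]:
    """Return the google-site-verification token in records (matching
    expected_token when given), or None if no suitable record exists."""
    for rec in records:
        if rec.startswith(GOOGLE_TXT_PREFIX):
            token = rec[len(GOOGLE_TXT_PREFIX):]
            if expected_token is None or token == expected_token:
                return token
    return None


def verification_plan(host: str, dig_lines: Iterable[str], expected_token: str) -> str:
    """Classify a consent-screen domain before submitting it to Google.

    Returns one of:
      "aws-owned"   - Cognito prefix domain; verification is impossible, use a
                      custom domain in the user pool instead.
      "txt-present" - the expected verification record already resolves.
      "txt-missing" - you control the domain but the record is not published yet.
    """
    if is_cognito_managed_domain(host):
        return "aws-owned"
    if find_google_verification(parse_txt_answers(dig_lines), expected_token):
        return "txt-present"
    return "txt-missing"


if __name__ == "__main__":
    for host in ("myapp.auth.eu-central-1.amazoncognito.com", "auth.myowndomain.com"):
        print(host, "->", verification_plan(host, SAMPLE_DIG_OUTPUT, "EXAMPLE-TOKEN-PLACEHOLDER"))
```

In practice you would feed `parse_txt_answers` the real output of `dig +short TXT <your-custom-domain>` (or the zone apex, depending on which Google property you are verifying) and pass the token Google issued; a `txt-missing` result usually means the record has not propagated yet, since Google looks the record up at the authoritative servers rather than trusting what you pasted into the DNS console.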
