Trying to set up Amplify with Cognito and CDK

0

Hi, as part of my development, I prefer to write AWS CDK code instead of using Amplify's CLI. However, I like to use the aws-amplify package on the frontend in order to handle things like auth. I was wondering if there are any guides on setting up Google Identity Providers on Amplify with Cognito written in CDK? I am able to use the hosted UI and sign in works well there. But I'm struggling a bit with using the signInWithRedirect function.

  • How do I set up my backend using CDK code in TypeScript to set up Google Identity Providers?
  • How do I connect my preexisting backend to my frontend using Amplify.configure so that federated sign ins work?
  • Is there any way to make sure users that use different sign in methods map to the same account? (User signs in with Google vs User signs in with email and password should both have the same account.)
1 Answer
0

While there isn't a specific guide for setting up Google Identity Providers with Amplify and Cognito using CDK, I can provide some guidance on how to approach this.

  1. Setting up Google Identity Providers using CDK: You can use the CDK to create a Cognito User Pool and configure it with a Google Identity Provider. Here's a general approach:
  • Create a Cognito User Pool using the aws-cdk-lib/aws-cognito module.
  • Add a Google Identity Provider to the User Pool using the UserPoolIdentityProviderGoogle construct.
  • Configure the User Pool Client to allow the Google provider.
  2. Connecting preexisting backend to frontend with Amplify.configure: To connect your CDK-created backend to your frontend using Amplify, you'll need to pass the necessary configuration to Amplify.configure(). This includes:
  • The User Pool ID
  • The User Pool Client ID
  • The Identity Pool ID (if you're using one)
  • The OAuth configuration, including the domain, scope, and redirect sign-in/sign-out URLs

You can output these values from your CDK stack and use them in your frontend code.

  3. Mapping users from different sign-in methods to the same account: Cognito supports linking social identities to a user pool account. When a user signs in with a social provider like Google, Cognito can either create a new user or link the social identity to an existing user based on the email address.

To enable this:

  • Ensure that "email" is a required attribute in your User Pool.
  • Configure your User Pool to allow users to sign up and sign in with their email address.
  • Set up attribute mapping for the Google Identity Provider to map the email attribute.

This way, whether a user signs in with Google or with email and password, Cognito will use the email address to determine if it's an existing user or a new one.

Remember to handle cases where a user might try to sign up with an email that's already associated with a social identity, and vice versa. You may need to implement custom logic in your application to manage these scenarios.

For the signInWithRedirect function, ensure that you've correctly set up the OAuth flows in your Cognito User Pool Client and that your redirect URIs are properly configured both in the Cognito settings and in your Google Developer Console.

Sources
Use existing Cognito resources - React - AWS Amplify Gen 2 Documentation
Set up Amplify Auth - AWS Amplify Gen 2 Documentation

answered a month ago
EXPERT
reviewed a month ago
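
The custom logic the answer mentions for email collisions, sketched as the decision step of a Cognito pre sign-up trigger. This is an added example, not part of the original answer or of Amplify or CDK. `planLink` and `ExistingUser` are hypothetical names, and the sketch assumes the Google attribute mapping includes `email_verified` and that the caller performs the ListUsers lookup and sends the returned request with AdminLinkProviderForUser.

```typescript
// Added example (not from the original answer). planLink and ExistingUser are
// hypothetical names; the event fields follow the Cognito pre sign-up trigger.
interface PreSignUpEvent {
  triggerSource: string;
  userPoolId: string;
  userName: string; // federated sign-up: "<ProviderName>_<provider subject>"
  request: { userAttributes: Record<string, string> };
}

// Caller fills this from a ListUsers lookup filtered on the same email.
interface ExistingUser {
  username: string;
  userStatus: string;
  emailVerified: boolean;
}

// Same field names as the AdminLinkProviderForUser request.
interface LinkRequest {
  UserPoolId: string;
  DestinationUser: { ProviderName: string; ProviderAttributeValue: string };
  SourceUser: { ProviderName: string; ProviderAttributeName: string; ProviderAttributeValue: string };
}

// Returns the link request to send, or null to let Cognito create a separate user.
function planLink(event: PreSignUpEvent, matches: ExistingUser[], provider: string = "Google"): LinkRequest | null {
  if (event.triggerSource !== "PreSignUp_ExternalProvider") return null;
  const attrs = event.request.userAttributes;
  // Link only on an email the IdP itself marks verified; an unverified claim
  // would let anyone who can set that address at the IdP take over the account.
  if (!attrs["email"] || String(attrs["email_verified"]).toLowerCase() !== "true") return null;
  const prefix = provider.toLowerCase() + "_";
  if (event.userName.slice(0, prefix.length).toLowerCase() !== prefix) return null;
  const subject = event.userName.slice(prefix.length);
  if (subject.length === 0) return null;
  // The target must be a confirmed native user with a verified email, so an
  // account pre-registered with someone else's address is never linked.
  const targets = matches.filter(
    (u) => u.emailVerified && u.userStatus === "CONFIRMED" &&
      u.username.slice(0, prefix.length).toLowerCase() !== prefix
  );
  const target = targets[0];
  if (targets.length !== 1 || !target) return null; // ambiguous or no match: do not link
  return {
    UserPoolId: event.userPoolId,
    DestinationUser: { ProviderName: "Cognito", ProviderAttributeValue: target.username },
    SourceUser: { ProviderName: provider, ProviderAttributeName: "Cognito_Subject", ProviderAttributeValue: subject },
  };
}
```

A `null` result means the trigger should not link, which leaves the Google identity as its own user rather than merging it on an email that has not been proven on both sides.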
