Help in verification of domain for Google OAuth verification


Hi, we are using AWS Cognito as identity provider, with social IdP options available. In order to verify the Google OAuth screen we are requested to verify the custom domain and we have verified custom domain and have trouble going past Can anyone suggest how we can get around this? Will dropping the domain from OAuth consent screen break any functionality? And we use hosted UI. Thanks in advance.

Asked 2 years ago, viewed 992 times
1 answer


I understand that you are using sign-in with Google IdP for Cognito Userpool and Google is requesting you to verify your domain in order, and you currently want to verify the Cognito provided domains *.auth.<region>

Firstly, the apex domain and subdomains of *.auth.<region> are owned by AWS, and are used as a generic default domain for customers' Cognito userpools; unfortunately it is not possible to verify domain ownership for a specific customer, as the domain is not really owned by a specific customer in the public domain registrar.

Secondly, from checking Google documentation for domain verification (either host-specific or generic method), it requires adding a TXT record with a value generated by Google to your domain DNS records. If this is not the method of Google domain verification for your application, please kindly share the specific documentation if possible.

This means instead of using Cognito provided domain *, you can use your own custom domain name if you have control of your domain. The detailed steps for using your own custom domain in Cognito userpool can be found here [1].

For example, something like in the Cognito userpool, so that your application will use your own domain name. However, I can see from your rePost message itself that you have already verified custom domain.

To summarize - When the custom domain is successfully activated in your Cognito userpool, both your custom domain and the previous Cognito managed domain can be used for user login. However, because cannot be used for Google domain verification, you will need to change in your Google app to use your customer domain instead of .

I hope the above shared information is insightful to your query. Please feel free to reach out if you have any questions!



AWS
Answered 2 years ago
  • Thanks for the reply. Assuming your suggestion is to provide Google with custom domain only, that is exactly what we are trying now. However, the question was asked because according to AWS Docs, we are instructed to provide both custom domain and Cognito domain, hence not registering Cognito domain with Google might raise issues with functionality. However, though too early to decide, we have not had any issues by not providing Cognito domain to Google. Will get back here to share our experience if anything goes wrong.
