Simple example project with instructions on how to create a serverless login using AWS Cognito.
These notes and snippets were created after spending too much time figuring out how to set up serverless authentication using AWS Cognito and Google login. Hope you find it useful!
- Navigate to Google: https://console.developers.google.com
- Create new app in My Apps
- Add Google Login in Products
- Collect Google app id and secret (needed later)
- Use the specified domain name in Valid OAuth redirect: `https://servicex.auth.eu1.west-1.amazoncognito.com/` (you can choose the "servicex" part yourself, but it needs to match the name used in AWS Cognito)
- Login to AWS and navigate to Cognito service
- Create user pool in Cognito, say: `servicex`
- Collect Pool Id (needed later)
- Define domain in Open App integration > Domain name, say: `servicex`
- Navigate back to AWS Cognito
- Enable Google in Federation > Identity providers
- Create client in App clients (no secret needed)
- Open App client settings
- Collect app id (needed later)
- Enable identity providers
- Define callback and sign-out URLs. Example: https://localhost:3000/
- Select Allowed OAuth Flows: Implicit grant
- Select Allowed OAuth Scopes: email, openid
- Create new identity pool in Cognito, say: `servicex`
- Open user pool and Edit identity pool
- Collect the identity pool id
- Create role for unauthenticated and authenticated (see policy examples)
- Select Authentication providers and set user Pool id and app client id
- Install Node.js
- Clone this repository
- Install dependencies
- Edit `.env` and set values from above
- Start app
```bash
git clone https://github.com/juhamust/serverless-aws-cognito-login.git
cd serverless-aws-cognito-login
npm install
# NOTE: place values in .env!
cat .env
npm start
```
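The login round trip that the settings above enable (implicit grant, scopes email and openid, Google as provider, callback https://localhost:3000/), as an added example that is not code from this repository. The function names, the region, the pool id and the client id are assumptions and placeholders; the checks cover the `state` value and the ID token claims only, so any backend that trusts the token must still verify its signature against the user pool's keys.

```javascript
// Constructed placeholder values; use the ids collected in the steps above.
const cfg = {
  domain: 'servicex.auth.eu-west-1.amazoncognito.com', // hosted UI domain (assumed region)
  region: 'eu-west-1',
  userPoolId: 'eu-west-1_EXAMPLE',
  clientId: 'example-app-client-id',
  redirectUri: 'https://localhost:3000/',
};

// Build the hosted UI URL for the implicit grant with Google as the provider.
function buildLoginUrl(c, state) {
  const q = new URLSearchParams({
    response_type: 'token',
    client_id: c.clientId,
    redirect_uri: c.redirectUri,
    scope: 'email openid',
    identity_provider: 'Google',
    state, // random per-login value the caller keeps (e.g. in sessionStorage)
  });
  return `https://${c.domain}/oauth2/authorize?${q}`;
}

// Decode a JWT payload WITHOUT verifying its signature (claim inspection only).
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  return JSON.parse(atob(parts[1].replace(/-/g, '+').replace(/_/g, '/')));
}

// Parse the callback URL fragment and reject responses that do not belong
// to this login attempt, this user pool or this app client.
function parseCallback(callbackUrl, expectedState, c, nowSec = Date.now() / 1000) {
  const p = new URLSearchParams(new URL(callbackUrl).hash.slice(1));
  if (p.get('error')) throw new Error(`login failed: ${p.get('error')}`);
  if (!expectedState || p.get('state') !== expectedState) throw new Error('state mismatch');
  const idToken = p.get('id_token');
  if (!idToken) throw new Error('no id_token in callback');
  const claims = decodePayload(idToken);
  const issuer = `https://cognito-idp.${c.region}.amazonaws.com/${c.userPoolId}`;
  if (claims.iss !== issuer) throw new Error('unexpected issuer');
  if (claims.aud !== c.clientId) throw new Error('unexpected audience');
  if (claims.token_use !== 'id') throw new Error('not an id token');
  if (!(claims.exp > nowSec)) throw new Error('token expired');
  return { idToken, email: claims.email };
}
```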