ok...Thank you for ur response...hope it is helpful for me. But still, I have a doubt that when used for mobile application client secret is not obtained, so how can I proceed?
You can use the OIDC PKCE Authorization code grant flow for mobile apps. Refer docs.aws.amazon.com/cognito/latest/developerguide/using-pkce-in-authorization-code.html
Users can self-register or you can use APIs to create user in a user pool. If you can share more details on the exact scenario, I will try my best to provide a solution. Please like, subscribe & share this video / channel !! Thanks in advance.
i have added all steps to add user to the user pool, finally when I try login in with google,I get the message flutter: {"message":"Unauthorized"}. can you help me in solving this
In general, "Unauthorized" error means client ID / secret used for Google login is wrong. Please verify that and test it again. Please like, subscribe & share this video / channel !! Thanks in advance.
great video. now I have created custom signup and login forms, and for both the forms I want to place social login buttons. I tried many things but failed, how can I connect the social login with the custom buttons
Thank you! The button should link to Cognito's authorization endpoint. Refer this documentation docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html. If you want the button to redirect to Google, you can pass identity_provider=Google as a query parameter along with other parameters in the authorization endpoint. In this case, Cognito will not show the hosted UI login page. Instead it will redirect to Google for authentication. Please subscribe and support this channel. Thanks in advance!!
You can check out these docs for custom authentication flow with a custom UI. docs.amplify.aws/lib/auth/getting-started/q/platform/js/ docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html
Thanks for the great tutorial. There is a scenario where the user should create by Google in cognito. we have created user ( manually or API ). we just have to do Google SSO on existing users. Is this possible?
@securityinaction1018 Hi, could you please look on this? I do not want create user name with google _random number . I want to create my users and the do auth
Yes, you can link the federated user i.e. google user with the local user which was created before the user logged in for the first time. This can be done when the user logs in for the first time through Google. Take a look at the this documentation docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html Please like, subscribe & share!! Thanks in advance.
hello im getting this error after opening the hostedui You can’t sign in because this app sent an invalid request. You can try again later or contact the developer about this issue. Learn more about this error If you are a developer of this app, see error details. Error 400: redirect_uri_mismatch
If the error is thrown in hosted UI, it means the redirect_uri parameter value sent to Cognito is not matching with the redirect_uri configured for that client_id.
You can integrate the react app with Cognito using OpenID Connect. Cognito will show the sign in button for Google and create a profile when the user successfully logs in using Google
@@securityinaction1018 I have created auth with aws amplify in react. I got access token and token id but not getting refresh token. How can I get refresh token?
I am sure refresh token should be available. Can you try hitting the token endpoint directly using a curl command or postman and validate the response?
i have implemented it. But when i am trying to login for the 2nd time, it is not showing the user selection page. instead it takes the last logged in user. how to force it to show the user selection page every time. as i can see you are clearing cookies every time. can i do that in client too...
I don't think it is possible at this point of time. By default, Google will reuse the session of the logged in user. In this forum stackoverflow.com/questions/37711665/forcing-a-user-to-choose-an-account-via-google-oauth2, it says there is an option to pass a prompt parameter. But, Cognito doesn't support the option of passing a prompt parameter.
You can use authorization code flow. I was using implicit grant only for the purpose of demo. implicit grant should never be used for any application integration in production. It is ok to use for demo purpose or to learn how a particular feature works.
What an awesome video! Thank you Would you mind to create a video to share with us about how to use aws cognito login with desktop application(ex: electron js or any other framework) ?
Thank you!! I need to check that. As long as desktop app can open some inline browser, I think same flow should work. Please like, subscribe & share!! Thanks in advance.
No. I mean how to store the data using golang. Example: I have react app that using google signin I login and send the data to my backend(go) Then how i store that data on user pool as external probider?
You need to integrate your app with Cognito instead of Google. Cognito will handle the Google signin flow and store the user profile when a user logs in for the first time.
Thanks for the feedback. I agree on the mouse click and audio issues. I made some changes in the latest videos that I posted and I will try my best to improve the quality.
I have not tried mobile app integration? But, it should be almost same as a web app integration. I think only the redirect_uri needs to be configured differently for a mobile app. This documentation might be helpful : docs.amplify.aws/lib/auth/getting-started/q/platform/android/#option-2-manually-call-the-authentication-apis
Please subscribe to this channel for regular updates ua-cam.com/channels/EEayyyCrJO94FYlzF0NLTg.html
Thank You for the support.
very good, tks
hope i can see more videos from your channel in the future
Thank You. I will surely post more videos.
Excellent walkthrough
Thank you
ok...Thank you for ur response...hope it is helpful for me. But still, I have a doubt that when used for mobile application client secret is not obtained, so how can I proceed?
You can use the OIDC PKCE Authorization code grant flow for mobile apps. Refer docs.aws.amazon.com/cognito/latest/developerguide/using-pkce-in-authorization-code.html
What extention are you using to clean the cookies?
There are many Add ons in Firefox. Try this one addons.mozilla.org/en-US/firefox/addon/cookie-remover/
@securityinaction1018 thank you! can you please tell how to map attribute updated_at ? thanks
Do you want to map the updated_at claim of Google ID token to a Cognito user attribute?
Hi! excellent video I'm already subscribed
Thank You.
how can i add users in user pool when launching mobile apps
Users can self-register or you can use APIs to create user in a user pool. If you can share more details on the exact scenario, I will try my best to provide a solution.
Please like, subscribe & share this video / channel !! Thanks in advance.
the audio is pretty bad at times. its like you're covering up the mic.
This was really helpful, thank you!
Glad it was helpful! Please subscribe to support the channel. Thank you!!
i have added all steps to add user to the user pool, finally when I try login in with google,I get the message flutter: {"message":"Unauthorized"}. can you help me in solving this
In general, "Unauthorized" error means client ID / secret used for Google login is wrong. Please verify that and test it again.
Please like, subscribe & share this video / channel !! Thanks in advance.
great video.
now I have created custom signup and login forms, and for both the forms I want to place social login buttons.
I tried many things but failed, how can I connect the social login with the custom buttons
Thank you!
The button should link to Cognito's authorization endpoint. Refer this documentation docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html.
If you want the button to redirect to Google, you can pass identity_provider=Google as a query parameter along with other parameters in the authorization endpoint. In this case, Cognito will not show the hosted UI login page. Instead it will redirect to Google for authentication.
Please subscribe and support this channel. Thanks in advance!!
what if i want this to use by custom page with out using hostedui what is the approach how should i integrate
You can check out these docs for custom authentication flow with a custom UI. docs.amplify.aws/lib/auth/getting-started/q/platform/js/
docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html
Thank you so much! it was really helpful!
Glad it helped!
Please like, subscribe & share this video / channel !! Thanks in advance.
Thanks for the great tutorial. There is a scenario where the user should create by Google in cognito. we have created user ( manually or API ). we just have to do Google SSO on existing users. Is this possible?
@securityinaction1018 Hi, could you please look on this? I do not want create user name with google _random number . I want to create my users and the do auth
Yes, you can link the federated user i.e. google user with the local user which was created before the user logged in for the first time. This can be done when the user logs in for the first time through Google. Take a look at the this documentation docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html
Please like, subscribe & share!! Thanks in advance.
@@securityinaction1018 thank you. Do you have any video tutorials regarding this to understand in easy way?
I don't have it at this point of time. But, I will try to post it in future.
hello im getting this error after opening the hostedui You can’t sign in because this app sent an invalid request. You can try again later or contact the developer about this issue. Learn more about this error
If you are a developer of this app, see error details.
Error 400: redirect_uri_mismatch
If the error is thrown in hosted UI, it means the redirect_uri parameter value sent to Cognito is not matching with the redirect_uri configured for that client_id.
How to resolve this error?
How can we add this sign in button with react app? From react app i need to login with google and add user to cognito
You can integrate the react app with Cognito using OpenID Connect. Cognito will show the sign in button for Google and create a profile when the user successfully logs in using Google
@@securityinaction1018 I have created auth with aws amplify in react. I got access token and token id but not getting refresh token. How can I get refresh token?
I am sure refresh token should be available. Can you try hitting the token endpoint directly using a curl command or postman and validate the response?
If i have multiple service running in aws,can i use this to authenticate all service
What type of services? Is it API or Web app etc. ?
i have implemented it. But when i am trying to login for the 2nd time, it is not showing the user selection page. instead it takes the last logged in user.
how to force it to show the user selection page every time.
as i can see you are clearing cookies every time. can i do that in client too...
I don't think it is possible at this point of time. By default, Google will reuse the session of the logged in user. In this forum stackoverflow.com/questions/37711665/forcing-a-user-to-choose-an-account-via-google-oauth2, it says there is an option to pass a prompt parameter. But, Cognito doesn't support the option of passing a prompt parameter.
hi is it possilbe to know when.i use authorization_code Oauth flow type instead of Implicit grant?
You can use authorization code flow. I was using implicit grant only for the purpose of demo. implicit grant should never be used for any application integration in production. It is ok to use for demo purpose or to learn how a particular feature works.
could you please ensure to keep your mic closeby as we lost audio in some parts. otherwise great tutorial.
Thanks for the feedback. I am constantly trying to improve the quality of the videos and will try my best.
What an awesome video! Thank you
Would you mind to create a video to share with us about how to use aws cognito login with desktop application(ex: electron js or any other framework) ?
Thank you!!
I need to check that. As long as desktop app can open some inline browser, I think same flow should work.
Please like, subscribe & share!! Thanks in advance.
super helpful
Thank You!!
Please like, subscribe & share!! Thanks in advance.
hi, how to do this social login using golang ?
Are you referring to a client app using golang?
No. I mean how to store the data using golang.
Example:
I have react app that using google signin
I login and send the data to my backend(go)
Then how i store that data on user pool as external probider?
You need to integrate your app with Cognito instead of Google. Cognito will handle the Google signin flow and store the user profile when a user logs in for the first time.
By that you mean integrate with my react app directly right?
Yes. Add Google as an Identity provider in Cognito as described in this video and integrate the react app with Cognito using OIDC
terrible sound, the mouse clicks very loudly, periodically the volume decreases, as if the microphone is covered with something
Thanks for the feedback. I agree on the mouse click and audio issues. I made some changes in the latest videos that I posted and I will try my best to improve the quality.
Sorry, couldn't continue listening with your sound going out from time to time. Good content though.
Thank you. Sorry about that
Very poor sound quality!
@securityinaction1018 could you please help me with android app integration solution
I have not tried mobile app integration? But, it should be almost same as a web app integration. I think only the redirect_uri needs to be configured differently for a mobile app. This documentation might be helpful : docs.amplify.aws/lib/auth/getting-started/q/platform/android/#option-2-manually-call-the-authentication-apis