Amazon Cognito
Developer Guide (Version Last Updated: 07/28/2016)

Google

Amazon Cognito integrates with Google to provide federated authentication for your mobile application users. This section explains how to register and set up your application with Google as an identity provider.

Android

Note

If your app uses Google and will be available on multiple mobile platforms, you should configure it as an OpenID Connect Provider, adding all created client IDs as additional audience values to allow for better integration. To learn more about Google's cross-client identity model, see Cross-client Identity.

Set Up Google

To enable Google+ Sign-in for Android, you will need to create a Google Developers console project for your application.

  1. Go to the Google Developers console and create a new project.

  2. Under APIs and auth > APIs > Social APIs, enable the Google+ API.

  3. Under APIs and auth > Credentials > OAuth consent screen, create the dialog that will be shown to users when your app requests access to their private data.

  4. Under Credentials > Add Credentials, create an OAuth 2.0 client ID for Android. You will need a client ID for each platform you intend to develop for (e.g. web, iOS, Android).

  5. Under Credentials > Add Credentials, create a Service Account. The console will alert you that a new public/private key has been created.

For additional instructions on using the Google Developers console, see Managing projects in the Developers Console.

For additional instructions on integrating Google+ into your Android app, see the Google documentation for Android.

Configure the External Provider in the Amazon Cognito Console

From the Amazon Cognito Console home page:

  1. Click the name of the identity pool for which you want to enable Google as an external provider. The Dashboard page for your identity pool appears.

  2. In the top-right corner of the Dashboard page, click Edit identity pool. The Edit identity pool page appears.

  3. Scroll down and click Authentication providers to expand it.

  4. Click the Google tab.

  5. Click Unlock.

  6. Enter the Google Client ID you obtained from Google, and then click Save Changes.

Use Google

To enable login with Google in your application, follow the Google+ documentation for Android. Successful authentication results in an OpenID Connect authentication token, which Amazon Cognito uses to authenticate the user and generate a unique identifier.

The following sample code shows how to retrieve the authentication token from the Google Play Service:

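    // Check that Google Play services is available on this device.
    GooglePlayServicesUtil.isGooglePlayServicesAvailable(getApplicationContext());

    AccountManager am = AccountManager.get(this);
    Account[] accounts = am.getAccountsByType(GoogleAuthUtil.GOOGLE_ACCOUNT_TYPE);

    // getToken() performs network I/O, so call it from a background thread.
    // The "audience:server:client_id:" scope requests an ID token issued for that client ID.
    String token = GoogleAuthUtil.getToken(getApplicationContext(), accounts[0].name,
            "audience:server:client_id:YOUR_GOOGLE_CLIENT_ID");

    // Hand the ID token to Amazon Cognito under the Google provider key.
    Map<String, String> logins = new HashMap<String, String>();
    logins.put("accounts.google.com", token);
    credentialsProvider.setLogins(logins);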

iOS - Objective-C

Note

If your app uses Google and will be available on multiple mobile platforms, you should configure it as an OpenID Connect Provider, adding all created client IDs as additional audience values to allow for better integration. To learn more about Google's cross-client identity model, see Cross-client Identity.

Set Up Google

To enable Google+ Sign-in for iOS, you will need to create a Google Developers console project for your application.

  1. Go to the Google Developers console and create a new project.

  2. Under APIs and auth > APIs > Social APIs, enable the Google+ API.

  3. Under APIs and auth > Credentials > OAuth consent screen, create the dialog that will be shown to users when your app requests access to their private data.

  4. Under Credentials > Add Credentials, create an OAuth 2.0 client ID for iOS. You will need a client ID for each platform you intend to develop for (e.g. web, iOS, Android).

  5. Under Credentials > Add Credentials, create a Service Account. The console will alert you that a new public/private key has been created.

For additional instructions on using the Google Developers console, see Managing projects in the Developers Console.

For additional instructions on integrating Google+ into your iOS app, see the Google documentation for iOS.

Configure the External Provider in the Amazon Cognito Console

From the Amazon Cognito Console home page:

  1. Click the name of the identity pool for which you want to enable Google as an external provider. The Dashboard page for your identity pool appears.

  2. In the top-right corner of the Dashboard page, click Edit identity pool. The Edit identity pool page appears.

  3. Scroll down and click Authentication providers to expand it.

  4. Click the Google tab.

  5. Click Unlock.

  6. Enter the Google Client ID you obtained from Google, and then click Save Changes.

Use Google

To enable login with Google in your application, follow the Google+ documentation for iOS.

Successful authentication results in a GTMOAuth2Authentication object containing an id_token, the OpenID Connect authentication token that Amazon Cognito uses to authenticate the user and generate a unique identifier:

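    - (void)finishedWithAuth:(GTMOAuth2Authentication *)auth error:(NSError *)error {
        if (error != nil) {
            NSLog(@"%@", error.localizedDescription);
            return;
        }
        // The OpenID Connect ID token returned by Google sign-in.
        NSString *idToken = [auth.parameters objectForKey:@"id_token"];
        credentialsProvider.logins = @{ @(AWSCognitoLoginProviderKeyGoogle): idToken };
    }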

iOS - Swift

Note

If your app uses Google and will be available on multiple mobile platforms, you should configure it as an OpenID Connect Provider, adding all created client IDs as additional audience values to allow for better integration. To learn more about Google's cross-client identity model, see Cross-client Identity.

Set Up Google

To enable Google+ Sign-in for iOS, you will need to create a Google Developers console project for your application.

  1. Go to the Google Developers console and create a new project.

  2. Under APIs and auth > APIs > Social APIs, enable the Google+ API.

  3. Under APIs and auth > Credentials > OAuth consent screen, create the dialog that will be shown to users when your app requests access to their private data.

  4. Under Credentials > Add Credentials, create an OAuth 2.0 client ID for iOS. You will need a client ID for each platform you intend to develop for (e.g. web, iOS, Android).

  5. Under Credentials > Add Credentials, create a Service Account. The console will alert you that a new public/private key has been created.

For additional instructions on using the Google Developers console, see Managing projects in the Developers Console.

For additional instructions on integrating Google+ into your iOS app, see the Google documentation for iOS.

Configure the External Provider in the Amazon Cognito Console

From the Amazon Cognito Console home page:

  1. Click the name of the identity pool for which you want to enable Google as an external provider. The Dashboard page for your identity pool appears.

  2. In the top-right corner of the Dashboard page, click Edit identity pool. The Edit identity pool page appears.

  3. Scroll down and click Authentication providers to expand it.

  4. Click the Google tab.

  5. Click Unlock.

  6. Enter the Google Client ID you obtained from Google, and then click Save Changes.

Use Google

To enable login with Google in your application, follow the Google+ documentation for iOS.

Successful authentication results in a GTMOAuth2Authentication object containing an id_token, the OpenID Connect authentication token that Amazon Cognito uses to authenticate the user and generate a unique identifier:

    func finishedWithAuth(auth: GTMOAuth2Authentication!, error: NSError!) {
        if error != nil {
            print(error.localizedDescription)
        } else {
            let idToken = auth.parameters.objectForKey("id_token")
            credentialsProvider.logins = [AWSCognitoLoginProviderKey.Google.rawValue: idToken!]
        }
    }

JavaScript

Note

If your app uses Google and will be available on multiple mobile platforms, you should configure it as an OpenID Connect Provider, adding all created client IDs as additional audience values to allow for better integration. To learn more about Google's cross-client identity model, see Cross-client Identity.

Set Up Google

To enable Google+ Sign-in for your web application, you will need to create a Google Developers console project for your application.

  1. Go to the Google Developers console and create a new project.

  2. Under APIs and auth > APIs > Social APIs, enable the Google+ API.

  3. Under APIs and auth > Credentials > OAuth consent screen, create the dialog that will be shown to users when your app requests access to their private data.

  4. Under Credentials > Add Credentials, create an OAuth 2.0 client ID for your web application. You will need a client ID for each platform you intend to develop for (e.g. web, iOS, Android).

  5. Under Credentials > Add Credentials, create a Service Account. The console will alert you that a new public/private key has been created.

For additional instructions on using the Google Developers console, see Managing projects in the Developers Console.

Configure the External Provider in the Amazon Cognito Console

From the Amazon Cognito Console home page:

  1. Click the name of the identity pool for which you want to enable Google as an external provider. The Dashboard page for your identity pool appears.

  2. In the top-right corner of the Dashboard page, click Edit identity pool. The Edit identity pool page appears.

  3. Scroll down and click Authentication providers to expand it.

  4. Click the Google tab.

  5. Click Unlock.

  6. Enter the Google Client ID you obtained from Google, and then click Save Changes.

Use Google

To enable login with Google in your application, follow the Google+ documentation for Web.

Successful authentication results in a response object which contains an id_token, which Amazon Cognito uses to authenticate the user and generate a unique identifier:

    function signinCallback(authResult) {
      if (authResult['status']['signed_in']) {

        // Add the Google ID token (id_token) to the Cognito credentials login map.
        AWS.config.credentials = new AWS.CognitoIdentityCredentials({
          IdentityPoolId: 'IDENTITY_POOL_ID',
          Logins: {
            'accounts.google.com': authResult['id_token']
          }
        });

        // Obtain AWS credentials
        AWS.config.credentials.get(function(){
          // Access AWS resources here.
        });
      }
    }
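
The id_token passed in the Logins map carries the client ID it was issued for in its aud claim, which is why every platform's client ID has to be registered as an audience. The following is an added example, not part of the original guide or the AWS SDK: it decodes a token's claims and checks iss, aud and exp before the token is handed over. The client IDs, function names and sample token are constructed for illustration, and the check does not verify the signature.

```javascript
// Added example: pre-flight check of a Google ID token's claims.
// Signature verification is NOT done here; all IDs below are constructed.
const GOOGLE_ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];

// Decode the payload (second segment) of a compact JWT without verifying it.
function decodeIdTokenClaims(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Return a list of problems; an empty list means the claims match the
// client IDs registered as audiences for the provider.
function checkGoogleIdToken(idToken, allowedClientIds, nowSeconds) {
  let claims;
  try {
    claims = decodeIdTokenClaims(idToken);
  } catch (e) {
    return ['malformed token: ' + e.message];
  }
  const problems = [];
  if (!GOOGLE_ISSUERS.includes(claims.iss)) problems.push('unexpected iss: ' + claims.iss);
  // aud may be a string or an array per the JWT spec; normalise to an array.
  const auds = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!auds.some((a) => allowedClientIds.includes(a))) {
    problems.push('aud not in configured client IDs: ' + auds.join(','));
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) problems.push('token expired');
  return problems;
}

// Build an unsigned sample token (constructed test data, placeholder signature).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'c2lnbmF0dXJl'].join('.');
}

const WEB_ID = 'web-client.apps.googleusercontent.example';         // hypothetical
const ANDROID_ID = 'android-client.apps.googleusercontent.example'; // hypothetical
const NOW = 1469700000; // fixed clock so the demo is deterministic
const androidToken = makeSampleToken({ iss: 'accounts.google.com', aud: ANDROID_ID, exp: NOW + 3600 });

// Only the web client ID registered: the Android-issued token is flagged.
console.log(checkGoogleIdToken(androidToken, [WEB_ID], NOW));
// Both client IDs registered as audiences: the same token passes.
console.log(checkGoogleIdToken(androidToken, [WEB_ID, ANDROID_ID], NOW));
```
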

Unity

Set Up Google

To enable Google+ Sign-in for your web application, you will need to create a Google Developers console project for your application.

  1. Go to the Google Developers console and create a new project.

  2. Under APIs and auth > APIs > Social APIs, enable the Google+ API.

  3. Under APIs and auth > Credentials > OAuth consent screen, create the dialog that will be shown to users when your app requests access to their private data.

  4. For Unity, you need to create a total of three IDs: two for Android and one for iOS. Under Credentials > Add Credentials:

    • Android: Create an OAuth 2.0 client ID for Android and an OAuth 2.0 client ID for a web application.

    • iOS: Create an OAuth 2.0 client ID for iOS.

  5. Under Credentials > Add Credentials, create a Service Account. The console will alert you that a new public/private key has been created.

Create an OpenID Provider in the IAM Console

  1. Next, you will need to create an OpenID Provider in the IAM Console. For instructions on how to set up an OpenID Provider, see Using OpenID Connect Identity Providers.

  2. When prompted for your Provider URL, enter "https://accounts.google.com".

  3. When prompted to enter a value in the Audience field, enter any one of the three client IDs you created in the previous steps.

  4. After creating the provider, click on the provider name and add two more audiences, providing the two remaining client IDs.

Configure the External Provider in the Amazon Cognito Console

From the Amazon Cognito Console home page:

  1. Click the name of the identity pool for which you want to enable Google as an external provider. The Dashboard page for your identity pool appears.

  2. In the top-right corner of the Dashboard page, click Edit identity pool. The Edit identity pool page appears.

  3. Scroll down and click Authentication providers to expand it.

  4. Click the Google tab.

  5. Click Unlock.

  6. Enter the Google Client ID you obtained from Google, and then click Save Changes.

Install the Unity Google Plugin

  1. Add the Google Play Games plugin for Unity to your Unity project.

  2. In Unity, from the Window menu, configure the plugin using the three IDs for the Android and iOS platforms.

Use Google

The following sample code shows how to retrieve the authentication token from the Google Play Service:

    void Start()
    {
        PlayGamesClientConfiguration config = new PlayGamesClientConfiguration.Builder().Build();
        PlayGamesPlatform.InitializeInstance(config);
        PlayGamesPlatform.DebugLogEnabled = true;
        PlayGamesPlatform.Activate();
        Social.localUser.Authenticate(GoogleLoginCallback);
    }

    void GoogleLoginCallback(bool success)
    {
        if (success)
        {
            string token = PlayGamesPlatform.Instance.GetIdToken();
            credentials.AddLogin("accounts.google.com", token);
        }
        else
        {
            Debug.LogError("Google login failed. If you are not running in an actual Android/iOS device, this is expected.");
        }
    }

Xamarin

Note

Google integration is not natively supported on the Xamarin platform. Integration currently requires the use of a web view to go through the browser sign-in flow. To learn how Google integration works with other SDKs, please select another platform.

To enable login with Google in your application, you will need to authenticate your users and obtain an OpenID Connect token from them. Amazon Cognito uses this token to generate a unique user identifier that is associated with a Cognito Identity. Unfortunately, the Google SDK for Xamarin doesn't allow you to retrieve the OpenID Connect token, so you will need to use an alternative client or the web flow in a web view.

Once you have the token, you can set it in your CognitoAWSCredentials:

    credentials.AddLogin("accounts.google.com", token);

Note

If your app uses Google and will be available on multiple mobile platforms, you should configure it as an OpenID Connect Provider, adding all created client IDs as additional audience values to allow for better integration. To learn more about Google's cross-client identity model, see Cross-client Identity.