Enabling Google Sign-In on a Multi-Tenant App

How do I enable Google sign-in on a multi-tenant app?

In this guide, we walk through the steps to enable Google sign-in on a multi-tenant application using AWS Cognito, expressed as a Pulumi TypeScript program. We set up an AWS Cognito User Pool and its hosted-UI domain, configure a Cognito Identity Provider for Google, and create a User Pool Client that allows the Google provider.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// The Google OAuth credentials are read from stack configuration instead of
// being hard-coded in source. The config key names are this guide's choice;
// store the secret encrypted with:
//   pulumi config set --secret googleClientSecret <value>
const config = new pulumi.Config();
const googleClientId = config.require("googleClientId");
const googleClientSecret = config.requireSecret("googleClientSecret");

// Create a Cognito User Pool
const userPool = new aws.cognito.UserPool("userPool", {
    name: "multiTenantUserPool",
    autoVerifiedAttributes: ["email"],
    aliasAttributes: ["email"],
    mfaConfiguration: "OFF",
    passwordPolicy: {
        minimumLength: 8,
        requireLowercase: true,
        requireNumbers: true,
        requireSymbols: true,
        requireUppercase: true,
    },
    adminCreateUserConfig: {
        allowAdminCreateUserOnly: false,
    },
});

// Create a Cognito User Pool Domain. This is the hosted-UI prefix
// (<domain>.auth.<region>.amazoncognito.com) and must be unique in the region.
const userPoolDomain = new aws.cognito.UserPoolDomain("userPoolDomain", {
    domain: "multi-tenant-app",
    userPoolId: userPool.id,
});

// Configure Google as an Identity Provider. It is declared before the client
// because the client's supportedIdentityProviders must name an existing provider.
const googleIdentityProvider = new aws.cognito.IdentityProvider("googleIdentityProvider", {
    providerName: "Google",
    providerType: "Google",
    userPoolId: userPool.id,
    providerDetails: {
        client_id: googleClientId,
        client_secret: googleClientSecret,
        authorize_scopes: "openid profile email",
    },
    // Map Google's claims onto pool attributes; "sub" becomes the stable username.
    attributeMapping: {
        email: "email",
        username: "sub",
    },
});

// Create a Cognito User Pool Client
const userPoolClient = new aws.cognito.UserPoolClient("userPoolClient", {
    name: "multiTenantUserPoolClient",
    userPoolId: userPool.id,
    generateSecret: false,
    // Without this flag Cognito ignores allowedOauthFlows/allowedOauthScopes.
    allowedOauthFlowsUserPoolClient: true,
    allowedOauthFlows: ["code"],
    allowedOauthScopes: ["email", "openid", "profile"],
    callbackUrls: ["https://yourapp.com/callback"],
    logoutUrls: ["https://yourapp.com/logout"],
    // Referencing the provider resource's name (rather than the literal "Google")
    // makes Pulumi create the identity provider before this client.
    supportedIdentityProviders: ["COGNITO", googleIdentityProvider.providerName],
});

// Output the User Pool Domain URL
export const userPoolDomainUrl = pulumi.interpolate`https://${userPoolDomain.domain}.auth.${aws.config.region}.amazoncognito.com`;

Key Points

  • User Pool: The user directory where accounts, attributes and password policy live.
  • User Pool Domain: The hosted-UI domain prefix that serves the sign-in pages and OAuth endpoints for the pool.
  • User Pool Client: The application registration (client ID, allowed OAuth flows and scopes, callback and logout URLs) the app uses against the pool.
  • Identity Provider: The federation with Google for social sign-in, including how Google's claims are mapped onto pool attributes.

Summary

We have successfully set up a Cognito User Pool, configured a User Pool Client, and integrated Google as an Identity Provider for enabling social sign-in on a multi-tenant application using Pulumi.
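As an added check that is not part of the page's Pulumi program, the function below reviews the client and identity-provider arguments shown above for the mistakes that most often break or weaken this setup: the OAuth opt-in flag, implicit flow, non-HTTPS redirects, a client that lists a provider no resource defines, a placeholder or hard-coded client secret, and attribute mappings whose Google scope was not requested. The argument shapes mirror the resource args used above; the finding messages and the placeholder heuristic are this example's own assumptions.

```typescript
// Dependency-free review of the Cognito client / Google IdP arguments (added example).
interface ClientArgs {
    allowedOauthFlows: string[]; allowedOauthFlowsUserPoolClient?: boolean;
    callbackUrls: string[]; logoutUrls: string[]; supportedIdentityProviders: string[];
}
interface IdpArgs {
    providerName: string;
    providerDetails: { client_id: string; client_secret: string; authorize_scopes: string };
    attributeMapping: { [attr: string]: string };
}
// Scope under which Google delivers each claim; mapping a claim without its scope yields empty attributes.
const SCOPE_FOR: { [claim: string]: string } = { sub: "openid", email: "email", name: "profile", picture: "profile" };
export function reviewCognitoConfig(client: ClientArgs, idps: IdpArgs[]): string[] {
    const findings: string[] = [];
    // allowedOauthFlows is ignored unless the client is opted in to OAuth.
    if (client.allowedOauthFlows.length > 0 && !client.allowedOauthFlowsUserPoolClient) {
        findings.push("client: allowedOauthFlowsUserPoolClient must be true for hosted-UI OAuth");
    }
    if (client.allowedOauthFlows.indexOf("implicit") !== -1) {
        findings.push("client: implicit flow returns tokens in the URL fragment; use code");
    }
    for (const raw of client.callbackUrls.concat(client.logoutUrls)) {
        const u = new URL(raw);
        if (u.protocol !== "https:" && u.hostname !== "localhost") {
            findings.push("client: redirect URL is not HTTPS: " + raw);
        }
    }
    const defined = idps.map(p => p.providerName);
    for (const name of client.supportedIdentityProviders) {
        // "COGNITO" is the pool's own directory; any other name needs an IdentityProvider resource.
        if (name !== "COGNITO" && defined.indexOf(name) === -1) {
            findings.push("client: provider " + name + " is listed but not defined in this stack");
        }
    }
    for (const idp of idps) {
        const d = idp.providerDetails;
        if (/^YOUR_|PLACEHOLDER|CHANGE_?ME/i.test(d.client_secret) || d.client_secret.length < 16) {
            findings.push(idp.providerName + ": client_secret looks hard-coded; load it from a Pulumi secret");
        }
        const scopes = d.authorize_scopes.split(/\s+/);
        for (const attr in idp.attributeMapping) {
            const need = SCOPE_FOR[idp.attributeMapping[attr]];
            if (need && scopes.indexOf(need) === -1) {
                findings.push(idp.providerName + ": mapping " + attr + " requires scope " + need);
            }
        }
    }
    return findings;
}
```

Run it against the literal values from the program before `pulumi up`; a provider listed on the client but missing from the stack is the ordering error that fails the deployment, and the rest are configuration weaknesses that deploy silently.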
