How do I enable Google sign-in on a multi-tenant app?
In this guide, we walk through the steps to enable Google sign-in on a multi-tenant application using AWS Cognito and Pulumi. We will set up an AWS Cognito User Pool and its hosted domain, configure a Cognito Identity Provider for Google, and create a User Pool Client that allows the Google provider.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Read the Google OAuth client credentials from Pulumi config instead of hard-coding them:
//   pulumi config set googleClientId <id>
//   pulumi config set --secret googleClientSecret <secret>
const config = new pulumi.Config();
const googleClientId = config.require("googleClientId");
const googleClientSecret = config.requireSecret("googleClientSecret");

// Create a Cognito User Pool
const userPool = new aws.cognito.UserPool("userPool", {
    name: "multiTenantUserPool",
    autoVerifiedAttributes: ["email"],
    aliasAttributes: ["email"],
    mfaConfiguration: "OFF",
    passwordPolicy: {
        minimumLength: 8,
        requireLowercase: true,
        requireNumbers: true,
        requireSymbols: true,
        requireUppercase: true,
    },
    adminCreateUserConfig: {
        allowAdminCreateUserOnly: false,
    },
});

// Create a Cognito User Pool Domain (the domain prefix must be unique within the region)
const userPoolDomain = new aws.cognito.UserPoolDomain("userPoolDomain", {
    domain: "multi-tenant-app",
    userPoolId: userPool.id,
});

// Configure Google as an Identity Provider
const googleIdentityProvider = new aws.cognito.IdentityProvider("googleIdentityProvider", {
    providerName: "Google",
    providerType: "Google",
    userPoolId: userPool.id,
    providerDetails: {
        client_id: googleClientId,
        client_secret: googleClientSecret,
        authorize_scopes: "openid profile email",
    },
    attributeMapping: {
        email: "email",
        username: "sub",
    },
});

// Create a Cognito User Pool Client. It must be created after the Google provider,
// otherwise Cognito rejects "Google" in supportedIdentityProviders.
const userPoolClient = new aws.cognito.UserPoolClient("userPoolClient", {
    name: "multiTenantUserPoolClient",
    userPoolId: userPool.id,
    generateSecret: false,
    allowedOauthFlowsUserPoolClient: true, // required for the OAuth settings below to take effect
    allowedOauthFlows: ["code"],
    allowedOauthScopes: ["email", "openid", "profile"],
    callbackUrls: ["https://yourapp.com/callback"],
    logoutUrls: ["https://yourapp.com/logout"],
    supportedIdentityProviders: ["COGNITO", "Google"],
}, { dependsOn: [googleIdentityProvider] });

// Output the User Pool Domain URL (the hosted UI / OAuth endpoint base)
export const userPoolDomainUrl = pulumi.interpolate`https://${userPoolDomain.domain}.auth.${aws.config.region}.amazoncognito.com`;
Key Points
- User Pool: Central place where user accounts and attributes are stored.
- User Pool Domain: Cognito-hosted domain (here a domain prefix) that serves the hosted UI and the OAuth endpoints.
- User Pool Client: The OAuth app client through which the application authenticates against the user pool.
- Identity Provider: Integration with Google for social sign-in; the client must list it in supportedIdentityProviders.
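Once the hosted UI redirects back to the callback URL and the authorization code has been exchanged for tokens, the application must verify the ID token before it trusts the identity or assigns a tenant. The following is an added example, not code from the page and not part of Pulumi or the AWS SDK: it verifies an RS256 ID token in the shape Cognito issues for a federated Google user, checking the signature against a JWKS, the issuer, the audience (the app client id), token_use and expiry, then reads the upstream provider from the identities claim and binds the user to a tenant by e-mail domain. The mapping of e-mail domains to tenants, the pool id, client id, signing key and JWKS are all constructed placeholders.

```typescript
import * as crypto from "crypto";

// ---- Constructed stand-in for the deployed pool (placeholders, not real identifiers) ----
const REGION = "us-east-1";
const USER_POOL_ID = "us-east-1_EXAMPLEPOOL";   // placeholder user pool id
const APP_CLIENT_ID = "example-app-client-id";   // placeholder user pool client id
export const ISSUER = `https://cognito-idp.${REGION}.amazonaws.com/${USER_POOL_ID}`;

// Assumption for the multi-tenant mapping: a tenant is keyed by the user's e-mail domain.
const TENANTS_BY_EMAIL_DOMAIN: Record<string, string> = {
  "alpha.example": "tenant-alpha",
  "beta.example": "tenant-beta",
};

// Locally generated RSA key standing in for the pool's signing key; its public half is
// published the way Cognito publishes <issuer>/.well-known/jwks.json.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const KID = "constructed-kid-1";
const JWKS = {
  keys: [{ ...publicKey.export({ format: "jwk" }), kid: KID, alg: "RS256", use: "sig" }],
};

const b64url = (data: Buffer | string): string => Buffer.from(data).toString("base64url");
const fromB64url = (s: string): Buffer => Buffer.from(s, "base64url");

// Mint a token in the shape Cognito issues after a federated sign-in (constructed test input only).
export function mintIdToken(claims: Record<string, unknown>, kid: string = KID): string {
  const signingInput =
    `${b64url(JSON.stringify({ alg: "RS256", kid }))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign("sha256", Buffer.from(signingInput), privateKey); // RS256
  return `${signingInput}.${b64url(signature)}`;
}

export interface VerifiedUser {
  sub: string;
  email: string;
  provider: string; // "Google" for federated users, "COGNITO" for native pool users
  tenant: string;
}

// Validate an ID token offline against the JWKS and bind the user to a tenant.
export function verifyIdToken(token: string, now: number = Math.floor(Date.now() / 1000)): VerifiedUser {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts as [string, string, string];

  // Header: only RS256 is acceptable, and the key is selected by kid from the JWKS.
  const header = JSON.parse(fromB64url(h).toString("utf8"));
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = JWKS.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  if (!crypto.verify("sha256", Buffer.from(`${h}.${p}`), key, fromB64url(s))) {
    throw new Error("bad signature");
  }

  // Claims: the token must come from this pool, for this app client, be an ID token, and be unexpired.
  const claims = JSON.parse(fromB64url(p).toString("utf8"));
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  if (claims.aud !== APP_CLIENT_ID) throw new Error("wrong audience");
  if (claims.token_use !== "id") throw new Error("not an id token");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");

  // Federated users carry an `identities` claim naming the upstream provider.
  const identity = Array.isArray(claims.identities) ? claims.identities[0] : undefined;
  const provider: string = identity?.providerName ?? "COGNITO";

  // Tenant binding (assumed scheme): the e-mail domain must belong to a known tenant.
  const email = claims.email;
  if (typeof email !== "string" || !email.includes("@")) throw new Error("no e-mail claim");
  const domain = email.slice(email.lastIndexOf("@") + 1).toLowerCase();
  const tenant = TENANTS_BY_EMAIL_DOMAIN[domain];
  if (!tenant) throw new Error(`no tenant for e-mail domain ${domain}`);

  return { sub: String(claims.sub), email, provider, tenant };
}
```

In a deployed application the JWKS is fetched from `${ISSUER}/.well-known/jwks.json` and cached per kid rather than generated locally, and the audience check uses the real client id exported by the Pulumi program; everything else in verifyIdToken applies unchanged.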
Summary
We have set up a Cognito User Pool and hosted domain, integrated Google as an Identity Provider, and configured a User Pool Client that allows the Google provider, enabling social sign-in on a multi-tenant application using Pulumi.