Setup Cognito
Configuring Cognito for apps using global keys differs from apps using app-specific keys.
Prerequisites
- Log in to the Arcana Developer Dashboard: https://dashboard.arcana.network
- Register the app by creating a new app entry in the dashboard.
Client ID
A default Testnet configuration profile is associated with every registered app. A unique Client ID is assigned for the Testnet profile. Only passwordless login is enabled by default.
A newly registered app can be deployed on the Arcana Testnet. Developers must create a Mainnet configuration profile to deploy it on the Mainnet. A new, unique Client ID is assigned to the Mainnet profile.
Global Keys
Apps that use the global keys feature do not need to configure the Social Auth settings in the Arcana Developer Dashboard.
User onboarding via Cognito is automatically turned on for the app when global keys are enabled.
Global Keys Configuration Change
In earlier versions of the Arcana Auth SDK, apps using global keys were required to configure Social Auth settings for the providers. This behavior has changed in the latest release of the Arcana Auth SDK.
If an app was configured for any social login providers and switches over from app-specific to global keyspace later, the Social Auth settings will be disabled altogether.
App-specific Keys
Follow these steps to configure the Social Auth settings and enable user onboarding via Cognito. The steps require both the Arcana Developer Dashboard and the AWS Management Console.
1. Get Redirect URI
Select the app in the Manage Apps dashboard screen and click Testnet/Mainnet to configure Cognito in the respective configuration profile. Go to Configure > Social Auth. Copy the redirect URI shown on the top right.
Do not close the Social Auth browser tab in the Arcana Developer Dashboard. Open another tab and set up AWS Cognito OAuth.
2. AWS Management Console
Go to the AWS Management Console and register your app as a new Cognito client application. Log in to the console, search for 'Cognito' and you will see the Cognito setup dashboard. Use the Cognito setup dashboard to add the app as a Cognito client in the context of a Cognito 'User Pool'. If a Cognito 'User Pool' is not already set up, create a new User Pool first as highlighted in the figure below.
Cognito Sign-in Options
Email ID must be selected as one of the Cognito sign-in options.
If a user pool is already set up, simply select it from the list and double-click on it to see the details. Refer to the App Integration tab settings and click Create App Client on the bottom right of the page.
You will see the Create Client dashboard screen. You need to specify the following settings for your app and update the requisite fields in the console:
- App Type: Public Client
- App Client Name: Enter the app name
- Client Secret: Select the 'Do not generate client secret' option
- Authentication Flows: Select ALLOW_REFRESH_TOKEN_AUTH
Next, scroll down to the Hosted UI section and refer to the Allowed Callback URLs field. In this field, add the Redirect URI copied from the Arcana Developer Dashboard in the previous step.
Make sure you add Cognito User Pool in the Identity Provider section of the settings as shown in the figure above. Save the Cognito User Pool Domain value as it will be required along with the Client ID in the next step.
For the OAuth 2.0 Grant Type setting, make sure you specify Authorization Code Grant and Implicit Grant values as shown in the figure below:
In the Custom Scope section, ensure that the attribute EmailID has read access. This is used by Arcana Auth SDK to enable the aggregate login feature.
Save the new client app settings. You will see the new client app entry in the user pool page under the App Client List section.
Copy the ClientID that is automatically generated by Cognito for the newly registered Client App. Also save the Cognito User Pool Domain value displayed in the dashboard. It will be required in the next step while completing the app configuration using the Arcana Developer Dashboard.
3. Update Social Auth
In the Arcana Developer Dashboard, click Configure > Social Auth. Refer to the empty fields next to the "Cognito" setting. Paste the Client ID and the Cognito User Pool Domain saved from the AWS Management Console in the previous step.
Save the Social Auth settings.
You are all set with the Cognito configuration!
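The app client settings listed in step 2 can be checked against the JSON returned by the AWS CLI command aws cognito-idp describe-user-pool-client. The Python check below is an added example, not part of the Arcana documentation or SDK: the function name audit_client, the sample JSON and the redirect URI are constructed, and treating "EmailID has read access" as the email entry in ReadAttributes is an assumption.

```python
import json

# Constructed sample in the shape of `aws cognito-idp describe-user-pool-client`
# output. All values are placeholders, not taken from a real user pool.
SAMPLE = json.loads("""
{"UserPoolClient": {
  "ClientId": "EXAMPLECLIENTID",
  "ClientName": "my-app",
  "ExplicitAuthFlows": ["ALLOW_REFRESH_TOKEN_AUTH"],
  "SupportedIdentityProviders": ["COGNITO"],
  "CallbackURLs": ["https://redirect.example/cb"],
  "AllowedOAuthFlows": ["code", "implicit"],
  "AllowedOAuthFlowsUserPoolClient": true,
  "ReadAttributes": ["email", "name"]
}}
""")

def audit_client(desc, redirect_uri):
    """Return a list of deviations from the app client settings in step 2."""
    c = desc.get("UserPoolClient", desc)
    findings = []
    if c.get("ClientSecret"):
        findings.append("client secret present; a public client must not have one")
    if "ALLOW_REFRESH_TOKEN_AUTH" not in c.get("ExplicitAuthFlows", []):
        findings.append("ALLOW_REFRESH_TOKEN_AUTH not enabled")
    # Cognito matches callback URLs exactly: no prefix or trailing-slash tolerance.
    if redirect_uri not in c.get("CallbackURLs", []):
        findings.append("redirect URI missing from Allowed Callback URLs")
    if "COGNITO" not in c.get("SupportedIdentityProviders", []):
        findings.append("Cognito User Pool not listed as identity provider")
    if not c.get("AllowedOAuthFlowsUserPoolClient"):
        findings.append("OAuth flows not enabled for this client")
    for flow in ("code", "implicit"):
        if flow not in c.get("AllowedOAuthFlows", []):
            findings.append(f"OAuth grant type '{flow}' not allowed")
    # Assumption: 'EmailID has read access' maps to "email" in ReadAttributes.
    # An absent list means the standard attributes are readable by default.
    read = c.get("ReadAttributes")
    if read and "email" not in read:
        findings.append("email attribute is not readable by this client")
    return findings

if __name__ == "__main__":
    for finding in audit_client(SAMPLE, "https://redirect.example/cb") or ["OK"]:
        print(finding)
```

Pass the redirect URI exactly as copied from the Arcana Developer Dashboard in step 1; a mismatch as small as a trailing slash is reported as a missing callback URL.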