Email and Google authentication using AWS Cognito

Question

My app currently uses a Cognito user pool for email and password authentication. It works very well. I want to add google authentication now.

I've added google as an identity provider by following the documentation here http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social.html.

I've authenticated my user with google and get back an auth token from google and an id token. I'm unsure what to do next.

I imagine I somehow give this token to cognito and cognito gives me a cognito id token I can use for authentication with my app.

Answer 1

Cognito does not accept Google token directly. You will need to use auth sdk to interact with authorize/token endpoints:
https://github.com/aws/amazon-cognito-auth-js/
https://github.com/aws/amazon-cognito-identity-js
You need to login with Google first. A corresponding user will be created in your user pool and the auth SDK will save that username and tokens in a local storage(same location where this SDK retrieves it from). By using use case 16 in this SDK you can retrieve that user and the session containing the tokens.