Skip to content

Configure AWS Cognito Authentication

Web3 apps that use AWS Cognito for user authentication can enable authenticated users to sign blockchain transactions using the Arcana wallet. This requires configuring AWS Cognito before integrating the app with the Arcana Auth SDK.


  1. Some of the authentication provider configuration steps are performed using the AWS Management Console, whereas the others use the Arcana Developer Dashboard. After configuring AWS Cognito, simply integrate the app with the Arcana Auth SDK, initialize the AuthProvider, and only then add code in the app to use the Arcana Auth SDK functions for enabling authenticated users to sign blockchain transactions using the Arcana wallet.

  2. When utilizing global keys in the Mainnet configuration profile, developers do not need to configure the social login section in the Arcana Developer Dashboard or set up provider-specific OAuth settings to obtain a clientID. If you are using a copy of the Testnet configuration profile as the Mainnet configuration profile, remove the Social Auth section settings altogether. Simply use the Arcana assigned Client ID for integrating the app with the Arcana Auth SDK.

Step 1: Get Redirect URI

Go to the Arcana Developer Dashboard:

Register the app by creating a new entry using the 'Create New App' wizard.

Registering App

Skip this step if you have already registered your app using the Arcana Developer Dashboard and obtained a Client ID.

Use defaults for configuration settings or edit them as per the app requirements. See the How to configure an app guide for details.

Go to the app configuration screen on the Arcana Developer Dashboard and click Configure > Social Auth section in the LHS. Copy the redirect URI value displayed on the top RHS. This will be used in the next step to generate Cognito OAuth credentials.


Do not close the Arcana Developer Dashboard browser tab. Open another tab and set up AWS Cognito OAuth. Then come back to the Arcana Developer Dashboard tab and complete the app configuration settings.

Step 2: AWS Management Console

Go to the AWS Management Console and register your app as a new Cognito client application. Log in to the console, search for 'Cognito' and you will see the Cognito setup dashboard. Use the Cognito setup dashboard to add the app as a Cognito client in the context of a Cognito 'User Pool'. If a Cognito 'User Pool' is not already set up, create a new User Pool first as highlighted in the figure below.

Cognito Sign-in Options

Email ID must be selected as one of the Cognito sign-in options.

Cognito console

If a user pool is already set up, simply select it from the list and double-click on it to see the details. Refer to the App Integration tab settings and click Create App Client on the bottom right of the page.

Cognito create an app client

You will see the Create Client dashboard screen. You need to specify the following settings for your app and update the requisite fields in the console:

  • App Type: Public Client
  • App Client Name: Enter the app name
  • Client Secret: Select the 'Do not generate client secret' option
  • Authentication Flows: Select ALLOW_REFRESH_TOKEN_AUTH

Next, scroll down to the Hosted UI section and refer to the Allowed Callback URLs field. In this field, add the Redirect URI copied from the Arcana Developer Dashboard in the previous step.

Cognito Create Client Settings

Make sure you add Cognito User Pool in the Identity Provider section of the settings as shown in the figure above.

For the OAuth 2.0 Grant Type setting, make sure you specify Authorization Code Grant and Implicit Grant values as shown in the figure below:

Cognito Oauth2.0 Grant Type

In the Custom Scope section, ensure that the attribute EmailID has read access. This is used by Arcana Auth SDK to enable the aggregate login feature.

Save the new client app settings. You will see the new client app entry in the user pool page under the App Client List section.

Cognito Client App List

Copy the ClientID that is automatically generated by Cognito for the newly registered Client App. It will be required in the next step while completing the app configuration using the Arcana Developer Dashboard.

Step 3: Update Arcana Developer Dashboard

Revisit the Arcana Developer Dashboard. Click on the app entry and visit the application dashboard. Click Configure > Social Auth section in the LHS navigation bar. Refer to the "Cognito" field and paste the Client ID assigned by AWS Management Console after the Cognito OAuth setup in the previous step, in the input text field.


Save the settings. Arcanaassigns a unique Client ID to every registered app. Save this Client ID and use it while integrating the app with the Arcana Auth SDK.

Client ID

You are all set with the Cognito configuration. Next, integrate the Web3 app with the Arcana Auth SDK and enable the authenticated users to sign blockchain transactions using the Arcana wallet. See Arcana wallet Developer's Guide for details.

Last update: June 29, 2023 by shaloo, shalz