Configure AWS Cognito Authentication

Web3 applications that use AWS Cognito for user authentication can enable the Arcana wallet for the authenticated users. The developers must configure AWS Cognito and then integrate the app with the Arcana Auth SDK.

Step 1: Use Arcana Dashboard

Go to the Arcana Dashboard: https://dashboard.arcana.network

Register your dApp by creating a new dApp entry and specifying a name using the 'Create New App' wizard.

Registering the Application

If you have already registered your dApp using Arcana Dashboard and obtained a Client ID, you may skip this step.

Use the defaults for the other settings or change them to suit your use case. Refer to the 'how to configure dApp' guide for details.

Go to the Configure->Social Auth configuration section and copy the redirect URI value displayed there. This will be used in the next step to generate Cognito OAuth credentials.

Do not close the dashboard browser tab. Open another tab and set up AWS Cognito OAuth. Then come back to the Dashboard tab and complete the dApp configuration settings.

Step 2: Use AWS Management Console

Go to the AWS Management Console and register your dApp as a new Cognito client application. Log in to the console, search for 'Cognito' and you will see the Cognito setup dashboard. Using this dashboard, you need to add your app as a Cognito client in the context of a Cognito 'User Pool'. If you do not already have a Cognito 'User Pool' setup, create a new User Pool first as highlighted in the figure below.

Cognito Sign-in Options

Email ID must be selected as one of the Cognito sign-in options.

Cognito console

If you already have a user pool set up, select it from the list and double-click on it to see the details. Refer to the App Integration tab settings and click Create App Client on the bottom right of the page.

Cognito create app client

You will see the Create Client dashboard screen. You need to specify the following settings for your app and update the requisite fields in the console:

  • App Type: Public Client
  • App Client Name: Enter the app name
  • Client Secret: Select the 'Do not generate client secret' option
  • Authentication Flows: Select ALLOW_REFRESH_TOKEN_AUTH

Then scroll down to the Hosted UI section and refer to the Allowed Callback URLs field. In this field, add the Redirect URI copied from Arcana Dashboard in the previous step.

Cognito Create Client Settings

Make sure you add Cognito User Pool in the Identity Provider section of the settings as shown in the figure above.

For the OAuth 2.0 Grant Type setting, make sure you specify Authorization Code Grant and Implicit Grant values as shown in the figure below:

Cognito OAuth 2.0 Grant Type

In the Custom Scope section, ensure that the attribute EmailID has read access. This is used by Arcana Auth SDK to enable the aggregate login feature.

Save the new client app settings. You will see the new client app entry in the user pool page under the App Client List section.

Cognito Client App List

Copy the ClientID that is automatically generated by Cognito for the newly registered Client App. It will be required in the next step while completing the Arcana dashboard dApp configuration.
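The settings from Step 2 can be checked after saving. The following is an added example, not part of the original guide or of Arcana's code: it audits the JSON returned by `aws cognito-idp describe-user-pool-client` against the values listed above. The sample response, the client ID and the redirect URI are constructed placeholders, and mapping the guide's "EmailID has read access" to the `ReadAttributes` field is an assumption.

```python
import json

# Constructed sample of `aws cognito-idp describe-user-pool-client` output.
# Every ID and URL here is a placeholder, not a value from the guide.
SAMPLE = json.loads("""
{"UserPoolClient": {
  "ClientId": "EXAMPLECLIENTID",
  "ClientName": "my-dapp",
  "ExplicitAuthFlows": ["ALLOW_REFRESH_TOKEN_AUTH"],
  "SupportedIdentityProviders": ["COGNITO"],
  "CallbackURLs": ["https://redirect.example/arcana"],
  "AllowedOAuthFlows": ["code", "implicit"],
  "ReadAttributes": ["email"]
}}
""")
ARCANA_REDIRECT_URI = "https://redirect.example/arcana"  # placeholder


def audit_app_client(response, redirect_uri):
    """Return the ways an app client deviates from the settings in this guide."""
    client = response["UserPoolClient"]
    findings = []
    # 'Do not generate client secret': the key appears only when a secret exists.
    if client.get("ClientSecret"):
        findings.append("client secret present")
    if "ALLOW_REFRESH_TOKEN_AUTH" not in client.get("ExplicitAuthFlows", []):
        findings.append("ALLOW_REFRESH_TOKEN_AUTH not enabled")
    # Compared as an exact string: a trailing slash or other scheme is a mismatch.
    if redirect_uri not in client.get("CallbackURLs", []):
        findings.append("redirect URI missing from Allowed Callback URLs")
    if "COGNITO" not in client.get("SupportedIdentityProviders", []):
        findings.append("Cognito User Pool not an identity provider")
    for flow in ("code", "implicit"):
        if flow not in client.get("AllowedOAuthFlows", []):
            findings.append(f"OAuth grant type '{flow}' not allowed")
    # Assumption: the guide's 'EmailID has read access' maps to ReadAttributes.
    # An absent list is treated as the default (standard attributes readable).
    read_attrs = client.get("ReadAttributes")
    if read_attrs and "email" not in read_attrs:
        findings.append("email attribute not readable")
    return findings


if __name__ == "__main__":
    for line in audit_app_client(SAMPLE, ARCANA_REDIRECT_URI) or ["all settings match"]:
        print(line)
```

To audit a real client, replace `SAMPLE` with the parsed output of the CLI command for your user pool and client, and `ARCANA_REDIRECT_URI` with the value copied from the Arcana Dashboard in Step 1.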

Step 3: Update Arcana Dashboard

Return to the Arcana Developer Dashboard tab. Click on your app entry to open the application dashboard, then click Configure->Social Auth in the left-hand navigation bar. In the "Cognito" input field, paste the Client ID that the AWS Management Console assigned during the Cognito OAuth setup in the previous step.

Save the settings. Arcana Network assigns a Client ID to every registered and configured dApp. You need to save this Client ID and use it while integrating the dApp with the Auth SDK.

Client ID

You are all set with the Cognito configuration. Integrate the Web3 application with the Arcana Auth SDK. After authentication, users can access Arcana wallet functionality.


Last update: March 16, 2023 by shalz