Setup Cognito
Configuring Cognito for apps using global keys differs from apps using app-specific keys.
Pre-requisites
- Log in to the Arcana Developer Dashboard: https://dashboard.arcana.network
- Before you can configure, the app should be registered by creating a new app entry in the dashboard through the 'Create New App' wizard.
Register & Configure
Each app is assigned a unique Client ID upon registration. A default Testnet configuration is linked with the registered app. No social authentication providers are enabled for the app. Passwordless login is enabled for all registered apps automatically.
A registered app can be deployed only on the Arcana Testnet. Developers must create a Mainnet profile using the Arcana Developer Dashboard to deploy a registered app on the Mainnet. Each profile can use identical or different Social Auth settings.
Global Keys
Apps that use the global keys feature do not need to configure the Social Auth settings in the Arcana Developer Dashboard.
User onboarding via Cognito is automatically turned on for the app when global keys are enabled.
Global Keys Configuration Change
In earlier versions of the Arcana Auth SDK, apps using global keys were required to configure Social Auth settings for the providers. This behavior has changed in the latest release of the Arcana Auth SDK.
If an app was configured for any social login providers and switches over from app-specific to global keyspace later, the Social Auth settings will be disabled altogether.
App-specific Keys
Follow these steps to configure the Social Auth settings and enable user onboarding via Cognito. It requires developers to use the Arcana Developer Dashboard and the AWS Management Console.
Step 1: Get Redirect URI
Select the app in the Manage Apps dashboard screen and click Testnet/Mainnet to configure Cognito in the respective configuration profile. Go to Configure > Social Auth. Copy the redirect URI shown on the top right.
Do not close the Social Auth browser tab in the Arcana Developer Dashboard. Open another tab and set up AWS Cognito OAuth.
Step 2: AWS Management Console
Go to the AWS Management Console and register your app as a new Cognito client application. Log in to the console, search for 'Cognito' and you will see the Cognito setup dashboard. Use the Cognito setup dashboard to add the app as a Cognito client in the context of a Cognito 'User Pool'. If a Cognito 'User Pool' is not already set up, create a new User Pool first as highlighted in the figure below.
Cognito Sign-in Options
Email ID must be selected as one of the Cognito sign-in options.
If a user pool is already set up, simply select it from the list and double-click on it to see the details. Refer to the App Integration tab settings and click Create App Client on the bottom right of the page.
You will see the Create Client dashboard screen. You need to specify the following settings for your app and update the requisite fields in the console:
- App Type: Public Client
- App Client Name: Enter the app name
- Client Secret: Select the 'Do not generate client secret' option
- Authentication Flows: Select ALLOW_REFRESH_TOKEN_AUTH
Next, scroll down to the Hosted UI section and refer to the Allowed Callback URLs field. In this field, add the Redirect URI copied from the Arcana Developer Dashboard in the previous step.
Make sure you add Cognito User Pool in the Identity Provider section of the settings as shown in the figure above.
For the OAuth 2.0 Grant Type setting, make sure you specify Authorization Code Grant and Implicit Grant values as shown in the figure below:
In the Custom Scope section, ensure that the attribute EmailID has read access. This is used by the Arcana Auth SDK to enable the aggregate login feature.
Save the new client app settings. You will see the new client app entry in the user pool page under the App Client List section.
Copy the ClientID that is automatically generated by Cognito for the newly registered Client App. It will be required in the next step while completing the app configuration using the Arcana Developer Dashboard.
Step 3: Update Cognito Social Auth Settings
In the Arcana Developer Dashboard, click Configure > Social Auth. Refer to the empty fields next to the "Cognito" setting. In the input text field, paste the Client ID that the AWS Management Console assigned during the Cognito OAuth setup in the previous step.
Save the Social Auth settings.
You are all set with the Cognito configuration!
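To confirm that the app client saved in Step 2 matches the settings listed above, the following added example (not part of the Arcana documentation or SDK) checks the JSON returned by `aws cognito-idp describe-user-pool-client`. The sample response, client ID and redirect URI are constructed placeholders, and mapping the page's "EmailID" attribute to Cognito's `email` read attribute is an assumption.

```python
import json

# Constructed sample in the shape of `describe-user-pool-client` output.
# Every value is a placeholder, not a real identifier.
SAMPLE = json.loads("""
{"UserPoolClient": {
  "ClientName": "my-app",
  "ClientId": "EXAMPLECLIENTID",
  "ExplicitAuthFlows": ["ALLOW_REFRESH_TOKEN_AUTH"],
  "SupportedIdentityProviders": ["COGNITO"],
  "CallbackURLs": ["https://redirect.example.invalid/callback"],
  "AllowedOAuthFlows": ["code", "implicit"],
  "ReadAttributes": ["email", "name"]
}}
""")

def check_client(response, redirect_uri):
    """Return the deviations from the Step 2 settings (empty list = OK)."""
    client = response.get("UserPoolClient", {})
    problems = []
    # Step 2 asks for a public client with no generated secret.
    if client.get("ClientSecret"):
        problems.append("client secret present; expected a public client")
    if "ALLOW_REFRESH_TOKEN_AUTH" not in client.get("ExplicitAuthFlows", []):
        problems.append("ALLOW_REFRESH_TOKEN_AUTH not enabled")
    # Callback URLs are compared as exact strings, so a trailing slash
    # or a different scheme counts as a mismatch.
    if redirect_uri not in client.get("CallbackURLs", []):
        problems.append("dashboard redirect URI not in Allowed Callback URLs")
    if "COGNITO" not in client.get("SupportedIdentityProviders", []):
        problems.append("Cognito User Pool not selected as identity provider")
    missing = {"code", "implicit"} - set(client.get("AllowedOAuthFlows", []))
    if missing:
        problems.append("missing grant type(s): " + ", ".join(sorted(missing)))
    # Assumption: the page's "EmailID" is the standard `email` attribute.
    # An absent ReadAttributes list means the standard attributes are readable.
    read_attrs = client.get("ReadAttributes")
    if read_attrs and "email" not in read_attrs:
        problems.append("email attribute is not readable by the app client")
    return problems

if __name__ == "__main__":
    for line in check_client(SAMPLE, "https://redirect.example.invalid/callback"):
        print("MISMATCH:", line)
```

Pass the redirect URI exactly as copied from the dashboard in Step 1; an empty result means the client matches the listed settings.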