
Setup Cognito

Configuring Cognito for apps using global keys differs from apps using app-specific keys.

Pre-requisites

  • Log in to the Arcana Developer Dashboard: https://dashboard.arcana.network

  • Before you can configure Cognito, the app must be registered by creating a new app entry in the dashboard through the 'Create New App' wizard.

Register & Configure

Each app is assigned a unique Client ID upon registration. A default Testnet configuration is linked with the registered app. No social authentication providers are enabled for the app. Passwordless login is enabled for all registered apps automatically.

A registered app can be deployed only on the Arcana Testnet. Developers must create a Mainnet profile using the Arcana Developer Dashboard to deploy a registered app on the Mainnet. Each profile can use identical or different Social Auth settings.

App Identifier
Unique App Identifier: ClientID

Global Keys

Apps that use the global keys feature do not need to configure the Social Auth settings in the Arcana Developer Dashboard.

User onboarding via Cognito is automatically turned on for the app when global keys are enabled.

Global Keys Setting

Global Keys Configuration Change

In the earlier versions of the Arcana Auth SDK, apps using global keys were required to configure Social Auth settings for the providers. This behavior has changed in the latest release of the Arcana Auth SDK.

If an app was configured for any social login providers and switches over from app-specific to global keyspace later, the Social Auth settings will be disabled altogether.

Global Keys: Social Auth Settings Disabled

App-specific Keys

Follow these steps to configure the Social Auth settings and enable user onboarding via Cognito. It requires developers to use the Arcana Developer Dashboard and the AWS Management Console.

Step 1: Get Redirect URI

Select the app in the Manage Apps dashboard screen and click Testnet/Mainnet to configure Cognito in the respective configuration profile. Go to Configure > Social Auth. Copy the redirect URI shown on the top right.

Get Redirect URI

Do not close the Social Auth browser tab in the Arcana Developer Dashboard. Open another tab and set up AWS Cognito OAuth.

Step 2: AWS Management Console

Go to the AWS Management Console and register your app as a new Cognito client application. Log in to the console, search for 'Cognito' and you will see the Cognito setup dashboard. Use the Cognito setup dashboard to add the app as a Cognito client in the context of a Cognito 'User Pool'. If a Cognito 'User Pool' is not already set up, create a new User Pool first as highlighted in the figure below.

Cognito Sign-in Options

Email ID must be selected as one of the Cognito sign-in options.

AWS Management Console

If a user pool is already set up, simply select it from the list and double-click on it to see the details. Refer to the App Integration tab settings and click Create App Client on the bottom right of the page.

Create Cognito App Client

You will see the Create Client dashboard screen. You need to specify the following settings for your app and update the requisite fields in the console:

  • App Type: Public Client
  • App Client Name: Enter the app name
  • Client Secret: Select the 'Do not generate client secret' option
  • Authentication Flows: Select ALLOW_REFRESH_TOKEN_AUTH

Next, scroll down to the Hosted UI section and refer to the Allowed Callback URLs field. In this field, add the Redirect URI copied from the Arcana Developer Dashboard in the previous step.

Update Allowed Callback URLs

Make sure you add Cognito User Pool in the Identity Provider section of the settings as shown in the figure above.

For the OAuth 2.0 Grant Type setting, make sure you specify Authorization Code Grant and Implicit Grant values as shown in the figure below:

Cognito OAuth2.0 Grant Type

In the Custom Scope section, ensure that the attribute EmailID has read access. This is used by Arcana Auth SDK to enable the aggregate login feature.

Save the new client app settings. You will see the new client app entry in the user pool page under the App Client List section.

Cognito Client App List

Copy the ClientID that is automatically generated by Cognito for the newly registered Client App. It will be required in the next step while completing the app configuration using the Arcana Developer Dashboard.
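The Step 2 settings can be checked after saving by inspecting the app client as returned by `aws cognito-idp describe-user-pool-client`. The script below is an added example, not part of the Arcana documentation or SDK; the sample JSON and the redirect URI are constructed placeholders, and mapping the "EmailID has read access" requirement to the `ReadAttributes` field is an assumption.

```python
import json

# Constructed sample shaped like `aws cognito-idp describe-user-pool-client`
# output; every value is a placeholder, not a real client or redirect URI.
SAMPLE = json.loads("""
{"UserPoolClient": {
  "ClientName": "my-arcana-app",
  "ClientId": "EXAMPLECLIENTID",
  "ExplicitAuthFlows": ["ALLOW_REFRESH_TOKEN_AUTH"],
  "SupportedIdentityProviders": ["COGNITO"],
  "CallbackURLs": ["https://redirect.example.invalid/arcana"],
  "AllowedOAuthFlows": ["code", "implicit"],
  "ReadAttributes": ["email"]
}}
""")

def check_client(doc, redirect_uri):
    """Return the settings that differ from Step 2 on this page."""
    c = doc.get("UserPoolClient", {})
    problems = []
    if c.get("ClientSecret"):
        problems.append("client secret present; expected a public client")
    if "ALLOW_REFRESH_TOKEN_AUTH" not in c.get("ExplicitAuthFlows", []):
        problems.append("ALLOW_REFRESH_TOKEN_AUTH not enabled")
    if "COGNITO" not in c.get("SupportedIdentityProviders", []):
        problems.append("Cognito User Pool not set as identity provider")
    # Exact string comparison: a trailing slash or a different scheme
    # counts as a mismatch.
    if redirect_uri not in c.get("CallbackURLs", []):
        problems.append("redirect URI missing from Allowed Callback URLs")
    missing = {"code", "implicit"} - set(c.get("AllowedOAuthFlows", []))
    if missing:
        problems.append("grant types missing: " + ", ".join(sorted(missing)))
    # Assumption: an absent ReadAttributes list means reads are unrestricted.
    read_attrs = c.get("ReadAttributes")
    if read_attrs is not None and "email" not in read_attrs:
        problems.append("email attribute is not readable by the client")
    return problems

def extra_callbacks(doc, redirect_uri):
    """Callback URLs other than the dashboard's redirect URI, for review."""
    urls = doc.get("UserPoolClient", {}).get("CallbackURLs", [])
    return [u for u in urls if u != redirect_uri]

if __name__ == "__main__":
    uri = "https://redirect.example.invalid/arcana"
    print(check_client(SAMPLE, uri) or "all Step 2 checks passed")
```

Because the client uses the implicit grant, any entry reported by `extra_callbacks` is another location tokens may be returned to and is worth reviewing.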

Step 3: Update Cognito Social Auth Settings

In the Arcana Developer Dashboard, click Configure > Social Auth. Refer to the empty fields next to the "Cognito" setting. In the input text field, paste the Client ID that the AWS Management Console assigned during the Cognito OAuth setup in the previous step.

Dashboard: Update Cognito ClientID

Save the Social Auth settings.

You are all set with the Cognito configuration!


Last update: March 15, 2024 by shaloo, shaloo