Why isn't AWS letting me authenticate with Google Plus?

I have an Android project and I am trying to authenticate with AWS Cognito using Google Plus. I have configured Facebook authentication and it works, but when I log into Google Plus I get a 400: Unauthorized error.

Right now, I need to set my app to "Allow access to unauthenticated identities" so that Google Plus users can use it without getting an unauthorized exception.

My token coming back from Google Plus login is ok, it also gets user profile and its details, so I think it has something to do with IAM and maybe "google client id" in "Edit Identity Pool", in the AWS dashboard.

Currently I have the OAuth 2.0 Service Account Tenant ID from my Google Developers Console as "Google Tenant ID" under Edit Identity Pool in the AWS Dashboard.

Someone please help :)

+3




2 answers


Due to the way Google handles customer IDs, we recommend customers use general OpenId Connect support when setting up their Google login ID pool.

  • Go to the AWS IAM console for the identity provider section.
  • Create an OpenId Connect Provider ID with the Provider URL as https://accounts.google.com and Audience as one of the Client IDs.
  • Follow the instructions to create an Identity Provider and later you will have the option to add additional Client IDs.
  • Go to Amazon Cognito Console.
  • Create or edit an identity pool and add the OpenID identity provider to the pool (it should appear in the OpenId Connect providers).


If you add iOS or Web Support later, create new Client IDs in the Google Console and add them to your OpenId Connect provider in the IAM Console.

+5




A few days later I did it! My Cognito account is finally talking to Google :) My big problem was the client id, there are two of them:

  • In the Google console we have a small client id: XXXXXXXXXXXX.apps.googleusercontent.com
  • In the JSON file that you can download on the Google console we have a large client id: client_id: XXXXXXXXXXXX-XXruakXlXXjeXqjXXtvXXXXXXXXXfjn.apps.googleusercontent.com

So, I hosted the little Cognito console in the Google+ customer id



The big one I put in my code:

String token = GoogleAuthUtil.getToken(appActivity, accounts[0].name,
"audience:server:client_id:XXXXXXXXXXXX-XXruakXlXXjeXqjXXtvXXXXXXXXXfjn.apps.googleusercontent.com");

      

Another thing is that I changed the code in the Helper class; this code was used to log into Google. The google class mate came to login to Games, so I also went to login to Plus.

+1
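Both answers come down to whether the client ID inside the Google token matches the one registered as Audience in IAM or as the Google client ID in Cognito. The following is an added diagnostic example, not code from either answer: it decodes a token's claims so `iss`, `aud` and `exp` can be compared with the registered IDs. The function names and the placeholder client IDs are assumptions, and the sample token is constructed and unsigned.

```python
import base64
import json
import time

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(id_token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_problems(id_token, registered_client_ids, now=None):
    """Return the reasons this token would not match the registered provider."""
    claims = decode_claims(id_token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") not in GOOGLE_ISSUERS:
        problems.append(f"iss {claims.get('iss')!r} is not Google")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if not set(auds) & set(registered_client_ids):
        problems.append(f"aud {aud!r} is not a registered client ID")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems


# Constructed sample data: placeholder client IDs and an unsigned token.
ANDROID_ID = "111111111111-android.apps.googleusercontent.com"
SERVER_ID = "111111111111-server.apps.googleusercontent.com"


def make_sample_token(claims: dict) -> str:
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.c2ln"


SAMPLE = make_sample_token({"iss": "accounts.google.com", "aud": SERVER_ID,
                            "azp": ANDROID_ID, "exp": 2000000000})

if __name__ == "__main__":
    print(audience_problems(SAMPLE, [ANDROID_ID], now=1700000000))
```

The decode step skips signature verification, so use it only to inspect your own tokens while debugging; Cognito performs the real validation.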

