- Go to the Google Developer Console.
- Create a new project or select an existing one.
- Navigate to "Credentials", then click on "Create Credentials" and choose "OAuth client ID".
- Configure the consent screen if prompted.
- For the application type, select "Web application".
- Leave the redirect URI blank for now to set it later, and save temporarily.See Step5
- Once created, note down the Client ID and Client Secret.
For the detail, visit Google's official document
-
Go to the AWS Management Console.
-
Navigate to Secrets Manager and choose "Store a new secret".
-
Select "Other type of secrets".
-
Input the Google OAuth clientId and clientSecret as key-value pairs.
- Key: clientId, Value: <YOUR_GOOGLE_CLIENT_ID>
- Key: clientSecret, Value: <YOUR_GOOGLE_CLIENT_SECRET>
-
Follow the prompts to name and describe the secret. Note the secret name as you will need it in your CDK code. For example, googleOAuthCredentials.(Use in Step 3 variable name <YOUR_SECRET_NAME>)
-
Review and store the secret.
The key names must exactly match the strings 'clientId' and 'clientSecret'.
In your cdk.json file, add the ID Provider and SecretName to the cdk.json file.
like so:
{
"context": {
// ...
"identityProviders": [
{
"service": "google",
"secretName": "<YOUR_SECRET_NAME>"
}
],
"userPoolDomainPrefix": "<UNIQUE_DOMAIN_PREFIX_FOR_YOUR_USER_POOL>"
}
}
The userPoolDomainPrefix must be globally unique across all Amazon Cognito users. If you choose a prefix that's already in use by another AWS account, the creation of the user pool domain will fail. It's a good practice to include identifiers, project names, or environment names in the prefix to ensure uniqueness.
Deploy your CDK stack to AWS:
npx cdk deploy --require-approval never --all
After deploying the stack, AuthApprovedRedirectURI is showing on the CloudFormation outputs. Go back to the Google Developer Console and update the OAuth client with the correct redirect URIs.