How to use enable Google One-Tap Sign In

[Jun711]

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

I am aware of federated sign in.

However, I would like to enable Google sign-in new feature that is not supported by federatedSignIn call, this document suggests to use the following code.
Since I am already using Amplify for authentication, I would like to continue using it.

However the following code would not work with [email protected]. How should I proceed?

AWS.credentials and AWS.config don’t exist anymore anywhere in Amplify JavaScript. 
Both options will not be available to use in version 3. You will not be able to use and set your own credentials.

function signinCallback(authResult) {
  if (authResult['status']['signed_in']) {

     // Add the Google access token to the Amazon Cognito credentials login map.
     AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: 'IDENTITY_POOL_ID',
        Logins: {
           'accounts.google.com': authResult['id_token']
        }
     });

     // Obtain AWS credentials
     AWS.config.credentials.get(function(){
        // Access AWS resources here.
     });
  }
}

Describe the solution you'd like
Enable using and setting our own credentials.

[manueliglesias]

Hi @Jun711

I would like to enable Google sign-in new feature that is not supported by federatedSignIn call

Can you elaborate a little on this? what feature that you are looking for is not currently supported?

Also, take a look at the example showing Identity Pool Federation with google, it might help

[Jun711]

@manueliglesias
I am trying to use Google One Tap Sign-in. I just found a similar thread opened by another user.

maybe the document you shared may work. I will give it a try.
Currently, I am using Auth.federatedSignIn({provider: 'Google'}) without passing the token to the federatedSignIn function.

const getAWSCredentials = async (googleUser) => {
        const { id_token, expires_at } = googleUser.getAuthResponse();
        const profile = googleUser.getBasicProfile();
        let user = {
            email: profile.getEmail(),
            name: profile.getName()
        };

        const credentials = await Auth.federatedSignIn(
            'google',
            { token: id_token, expires_at },
            user
        );
        console.log('credentials', credentials);
    }

[Jun711]

@manueliglesias

Update:
1
I noticed that this part of the document you shared mentioned this.

// Auth.currentSession() does not currently support federated identities. Please store the auth0 session info manually(for example, store tokens into the local storage).

2
No Cognito user is created for this user when federatedSignIn this way. Does Amplify provide a way to create an account for this user at my user pool?

---

I tried the above code from the document you shared.

Right after calling federatedSignIn with google id token, I called await Auth.currentSession but Amplify log says there is no current user. Amplify debugger log is attached.

I would like to use the JwtToken to call an API authorized using Cognito. How do I achieve this?

'Authorization': session.getIdToken().getJwtToken(),

FederatedSignIn + UserSession code (Amplify part is similar but Google API part is different

const getAWSCredentials = async (googleUser) => {
        const { id_token, expires_at } = googleUser.getAuthResponse();
        const profile = googleUser.getBasicProfile();
        let user = {
            email: profile.getEmail(),
            name: profile.getName()
        };

        const credentials = await Auth.federatedSignIn(
            'google',
            { token: id_token, expires_at },
            user
        );
        console.log('credentials', credentials);

        const userSession = await Auth.currentSession();
        console.log('userSession ', userSession)
        const amplifyIdToken = userSession.getIdToken().getJwtToken();
        console.log('amplifyIdToken ', amplifyIdToken)
  }

Log of calling currentSession right after federatedSignIn

Log of calling currentSession after refreshing the page (previously federatedSignIn but didn't signOut)

[manueliglesias]

Hi @Jun711

No Cognito user is created for this user when federatedSignIn this way. Does Amplify provide a way to create an account for this user at my user pool?

Yes, you can use federation as shown in https://docs.amplify.aws/lib/auth/social/q/platform/js

That will use a cognito user pool instead of just identity pools

[Jun711]

@manueliglesias
Yes, I had that set up for traditional Google sign in already and it would create a cognito user when I used Auth.federatedSignIn({provider: 'Google'})}.

However, the newer feature: Google one tap sign in doesn't have the same configuration as the traditional Google sign in since there is no redirection. In other words, it doesn't redirect to Google Sign In page and redirects to my App UI. Could you please look into it further?

And
I am not using Auth.federatedSignIn({provider: 'Google'})}
Instead, I have to use the following code to do federatedSignIn like you suggested last week.

        const credentials = await Auth.federatedSignIn(
            'google',
            { token: id_token, expires_at },
            user
        );

[jysung]

@Jun711 did you manage to figure out one tap sign in?

[crowers]

We also need to support Google One Tap with Cognito. Any solutions anyone? Thanks

[m98]

Any update on this?
I tried a lot but could not work with Google's one-tap login!

[crowers]

No news that I'm aware of. Planning to move away from Cognito as the support is so poor

[tannerabread]

Hi @m98, @crowers
We recently discussed this feature request internally and are not sure it is currently possible with how the library is set up. We are still investigating the issue.

[m98]

@tannerabread Any chance you can prioritize this?
This is a feature that sooner or later will be requested from you again, and can be seen as a potential limitation of Cognito.

[tannerabread]

@m98 You are correct and this is a limitation with Cognito itself. We have communicated the requirement for our service to their team, once it is available from Cognito we can implement in Amplify. I do not currently have a timeline for when the fix will come from their end.

[crowers]

@m98 You are correct and this is a limitation with Cognito itself. We have communicated the requirement for our service to their team, once it is available from Cognito we can implement in Amplify. I do not currently have a timeline for when the fix will come from their end.

Will there be a way to use Google One Tap and Cognito without adding a large library like Amplify to my project?

[crowers]

For those planning to migrate away from Cognito we found this blog post outlining the steps to be very helpful: https://fusionauth.io/blog/2022/02/07/how-to-migrate-from-cognito We hope it will be useful to anyone else similarly struggling with Cognito's limitations.

[m98]

Hi @tannerabread, I hope you're doing well. I was wondering if you had any updates on the progress of the work being done by the Cognito team on this issue. Our team is eagerly waiting for this feature, and having an estimate of when it might be available would be really helpful. Thank you in advance for any information you might be able to provide.

[vicodinvic1]

same problem, our team needs this feature as well

[gabrielmanara]

Hi @tannerabread, do you have any updates from Cognito team?

[sjdeak]

Hi @tannerabread, do you have any updates from Cognito team?

[pkhadson]

Hi @tannerabread, do you have any updates from Cognito team?

[TamerShlash]

Any updates on this?

[Spetnik]

Hi @tannerabread, do you have any updates from Cognito team?

[lucasyarid]

It would be great to have an update on this, even if it is a "won't fix".
It is hard to justify the usage of Cognito when such integrations, which are standard for modern authentication, cannot be implemented.

[knotri]

Hi, any update?

[yousufdev]

This is crucial, given that almost all authentication providers have it. Any update would be appreciated.