Sign-in with Google (Optional)

[中文版本]

The end users might want to use their Google accounts to login to RainMaker Mobile apps.

This section describes the steps required to configure the Google sign-in for the end users.

Pre-requisites

  1. Google developer account is already created. (Reference: https://console.developers.google.com/)

  2. ESP-RainMaker-Core is deployed.

  3. Custom domain is created. (Reference: Configuring customer Domain)

Steps to Configure Google App Client

Configurations in Google Developer Account

  • Sign in to the Google API Console with your Google developer account credentials using the URL - https://console.developers.google.com/.

  • When you login to the Google Developer console, below screen is displayed.

Google Developer Console

  • To create a Google API Console project, Click on ▼ found at top left title bar next to the list of projects, as shown below.

  • Click on New project at the top right corner.

Google API Console Project

  • Enter a Project name and Click CREATE.

Google Project Creation

After the project is created, you will need to configure the OAuth consent screen. The steps for configuring OAuth consent are provided below.

Note: You are required to configure the newly created project. If you have multiple projects in your Google developer account, select the newly created project, from the list of projects by clicking on ▼ found at top left title bar.

  • In the Google API Console, in the left navigation pane, click on OAuth consent screen.

Google API Console

  • Select User type as "External" and click on Create.

Google OAuth Consent Screen

  • Enter App Name and User support email, under App information. You may enter Application Home Page, Application Privacy Link, Application Terms of Service Link, but these are optional.

Google OAuth Consent Screen

  • Under Authorized domains, click on Add Domain.

Google Authorized Domain

  • Enter amazoncognito.com for the domain name as shown below -

Google Authorized Domain

  • Under Developer contact information enter a valid email address for the developer contact information.

Contact Information

  • Click on "save and continue".

Save Details

  • Next, click on "save and continue".

Optional info

  • Review the changes and click on "Back to Dashboard".

Review changes

  • Next step is to get OAuth 2.0 client credentials. In the Google API Console, in the left navigation pane, click on Credentials.

Credentials

  • Click on "+ Create credentials" and select OAuth client ID as the option.

Credentials

  • Choose Application type as Web Application.

Create OAuth Client ID

  • Enter a Name for your OAuth client.
  • For Authorized JavaScript origins, click on ADD URI.

Authorized Javascript origins

  • Enter your Amazon Cognito domain "https://<your-company-domain>.auth.<aws-region>.amazoncognito.com" as shown below.

Cognito Domain

  • For Authorized redirect URIs, click on Add URI.

Add authorized redirect URI

Add authorized redirect URI

  • Click on "CREATE" button.

  • In the OAuth client dialog, find the client ID and client secret, and then note them for later use.

OAuth Client Dialog

Google web app client is configured successfully!

Configure Google as Identity Provider via the RainMaker Dashboard

  • Log in to RainMaker Dashboard with your admin account. Go to deployment settings.

Dashboard Deployment Settings

  • Go to the Identity Providers tab.

Identity Providrs

  • Click on '+' icon to add Identity providers configuration.

  • Choose "Google" from "Identity Provider" dropdown.

  • Add client ID and client secret noted in the previous step.

Identity Providers

Enable Google as an Identity Provider

  1. Log in to RainMaker Dashboard with your admin account. Go to deployment settings.

Dashboard Deployment Settings

  1. Go to the Cognito Configurations tab.

Cognito Config

  1. Enable the 'google' identity provider for clients as per your requirements. This will enable users to sign in using Google to the respective clients.

Configuring callback URL(Redirect URIs)

Callback URL indicates where the user is to be redirected after a successful sign-in using third party authenticating services. After the user successfully signs-up using one of these third party authenticating services, the user will be redirected to one of these URLs.

If users are to be redirected to your phone app, you should form the callback URL for your app. To form the callback URLs(redirect URIs) for phone apps, please check below sections:

Configure the callback URLs in RainMaker dashboard with steps given here: Configuring callback URL

Verifying Sign-in With Google

This section describes the steps to verify if the Sign-in with Google is configured correctly.

  • Login to AWS Console, Go to Cognito Service & click on user pools to get the list of all user pools.

Verifying Sign-in with Google

  • Click on the "rainmaker-user-email-mobile-pool". Verifying Sign-in with Google

  • Go to App integration & scroll down to App Client Lists Verifying Sign-in with Google

  • Click on rainmaker-user-email-mobile-pool-client, here you will get the App client information Verifying Sign-in with Google

  • Scroll down and click on View Hosted UI.

Hosted UI

  • In the launched hosted UI, you will be shown multiple options as shown below:

Hosted UI

  • Click on Continue with Google.

Hosted UI

  • Enter Your Email address and the password.

Hosted UI

  • After you click the Next button, you will be redirected to the callback URL configured in the Cognito App client settings and you will see an authorization code in the browser URL.

Hosted UI

Note - In this example, we have configured Espressif’s home page, so the redirection happened to this page.

FirmwareSign-in with Apple