#✅ - Removing Cognito from Hosted UI Identity Providers

finite gulch
#

I want to remove the Cognito user pool from the available identity providers in the Hosted UI. Typically, this can be done manually through the AWS Cognito Console by following these steps:

  1. Navigate to User pools.
  2. Select the User pool (e.g., User pool xxx).
  3. Go to App integration.
  4. Choose the relevant app client (e.g., userPoolAppClientXXX) in the App client list.
  5. Under Hosted UI, click Edit and remove Cognito user pool from the list of identity providers.

However, my goal is to automate this process via code, avoiding the need for manual updates for every environment.

Currently, I added a propertyOverride to my backend.ts file. This approach works when the authentication resource was already created in a previous "push". However, it fails when creating a new environment (e.g., a sandbox) because the "Google" identity provider has not been created yet.

Here is my current code:

```ts
export const backend = defineBackend({
  auth,
  data,
});

const { cfnUserPool, cfnUserPoolClient } = backend.auth.resources.cfnResources;

cfnUserPoolClient.addPropertyOverride("SupportedIdentityProviders", ["Google"]);
```

The error I encounter is:

```
The provider Google does not exist for User Pool eu-central-1_kRc6Z7qhj.
```

Question:

How can I ensure that the property override is executed only after Google has been registered as an identity provider in a push? Alternatively, is there another method to remove Cognito user pool from the app client programmatically?

topaz coral
#

👋 the approach to override with CDK should work! CDK might require all caps for this, but you should be able to modify the property directly without using addPropertyOverride

#

is the use case to prevent folks from signing up with email+password and to push them through google?

finite gulch
#

Hi @topaz coral, thanks for the tip! I got it working using
`cfnUserPoolClient.supportedIdentityProviders = cfnUserPoolClient.supportedIdentityProviders?.filter((provider: string) => provider !== 'COGNITO')` to filter out Cognito and keep all other identity providers. It works on first deploy as well as consecutive ones.
Yes, I have a custom 'Authenticator' UI component in my frontend that lets users sign in using Cognito and other identity providers, and if someone somehow lands on the hosted UI page they should only be able to sign in using third-party providers like Google, since signing in through Cognito from the hosted UI doesn't play well with my frontend. Thanks again!

upbeat vineBOT
#

Answer selected!

Kudos to @finite gulch!