const userPool = new UserPool(scope, `${props.appName}-userpool`, {
userPoolName: `${props.appName}-userpool`,
selfSignUpEnabled: true,
accountRecovery: AccountRecovery.PHONE_AND_EMAIL,
userVerification:{
emailStyle: VerificationEmailStyle.CODE
},
autoVerify: {
email: true
},
standardAttributes: {
email: {
required: true,
mutable: true
}
}
})
const userPoolDomain = new UserPoolDomain(
scope,
`${props.appName}-userpooldomain`,
{
userPool,
cognitoDomain: {
domainPrefix: `${props.appName}`
}
}
)
const googleSecretValue = Secret.fromSecretNameV2(
scope,
'google.clientSecretName',
`${props.appName}-googleoauth`
)
const googleProvider = new UserPoolIdentityProviderGoogle(
scope,
`${props.appName}-googleprovider`,
{
clientId: props.google.clientId,
clientSecretValue: googleSecretValue.secretValue,
scopes: ['openid', 'profile', 'email'],
attributeMapping: {
email: ProviderAttribute.GOOGLE_EMAIL,
givenName: ProviderAttribute.GOOGLE_GIVEN_NAME,
familyName: ProviderAttribute.GOOGLE_FAMILY_NAME,
phoneNumber: ProviderAttribute.GOOGLE_PHONE_NUMBERS,
},
userPool,
}
)
userPool.registerIdentityProvider(googleProvider)
#signInWithRedirect({provider: 'Google'}) - 404's on the google hosted page
worn oyster
const userPoolClient = new UserPoolClient(
scope,
`${props.appName}-userpoolclient`,
{
userPool,
oAuth: {
flows: {
authorizationCodeGrant: true
},
callbackUrls: props.google.callbackUrls,
logoutUrls: props.google.logoutUrls,
}
}
)
const identityPool = new IdentityPool(
scope,
`${props.appName}-identitypool`,
{
identityPoolName: `${props.appName}-identitypool`,
allowUnauthenticatedIdentities: true,
authenticationProviders: {
userPools: [
new UserPoolAuthenticationProvider({
userPool: userPool,
userPoolClient: userPoolClient
})
]
}
}
)