Choose your framework/language

v1v2
Edit on GitHub

Page updated Dec 7, 2023

Add social provider sign-in

Prerequisites

Note: Social sign-in (OAuth) functionality is only available in iOS and macOS.

When configuring social sign-in through the Amplify CLI, it's important to exercise caution when designating attributes as "required." Different social identity providers have varied scopes in terms of the information they respond back to Cognito with. User pool attributes that are initially set up as "required" cannot be changed later, and may require you to migrate the users or create a new user pool.

An application with a minimum target of iOS 13.0 and/or macOS 10.15 with Amplify libraries integrated, using Xcode 14.1 or later.

For a full example, please follow the project setup walkthrough.

To use Auth in a macOS project, you'll need to enable the Keychain Sharing capability. In Xcode, navigate to your application target > Signing & Capabilities > + Capability, then select Keychain Sharing.

This capability is required because Auth uses the Data Protection Keychain on macOS as a platform best practice. See TN3137: macOS keychain APIs and implementations for more information on how Keychain works on macOS and the Keychain Sharing entitlement.

For more information on adding capabilities to your application, see Xcode Capabilities.

Setup Your Auth Provider

  1. Create a developer account with Facebook.

  2. Sign In with your Facebook credentials.

  3. Choose My Apps from the top navigation bar, and on the page that loads choose Create App. Create App button in the My Apps page of the Facebook developer account.

  4. For your use case, choose Set up Facebook Login. Set up Facebook Login option selected from list.

  5. For platform, choose Website and select No, I'm not building a game.

  6. Give your Facebook app a name and choose Create app. Form fields for the Facebook create app form.

  7. On the left navigation bar, choose Settings and then Basic. App ID and App Secret in the basic settings tab of the dashboard.

  8. Note the App ID and the App Secret. You will use them in the next section during the CLI flow.

Configure Auth Category

Once you have the social provider configured, run the following in your project’s root folder

amplify add auth ## "amplify update auth" if already configured
1amplify add auth     ## "amplify update auth" if already configured

Choose the following options (the last steps are specific to Facebook here but are similar for other providers):

? Do you want to use the default authentication and security configuration? `Default configuration with Social Provider (Federation)` ? How do you want users to be able to sign in? `Username` ? Do you want to configure advanced settings? `No, I am done.` ? What domain name prefix you want us to create for you? `(default)` ? Enter your redirect signin URI: `myapp://` ? Do you want to add another redirect signin URI `No` ? Enter your redirect signout URI: `myapp://` ? Do you want to add another redirect signout URI `No` ? Select the social providers you want to configure for your user pool: `Sign in with Apple` ? Enter your Services ID for your OAuth flow: `<your Service ID>` ? Enter your Team ID for your OAuth flow: `<your Team ID>` ? Enter your Key ID for your OAuth flow: `<your Key ID>` ? Enter your Private Key for your OAuth flow (entire key without line breaks): `<the entire content -----BEGIN PRIVATE KEY----- <key> -----END PRIVATE KEY----- from your .p8 file in a single line>`
1? Do you want to use the default authentication and security configuration?
2    `Default configuration with Social Provider (Federation)`
3? How do you want users to be able to sign in?
4    `Username`
5? Do you want to configure advanced settings?
6    `No, I am done.`
7? What domain name prefix you want us to create for you?
8    `(default)`
9? Enter your redirect signin URI:
10    `myapp://`
11? Do you want to add another redirect signin URI
12    `No`
13? Enter your redirect signout URI:
14    `myapp://`
15? Do you want to add another redirect signout URI
16    `No`
17? Select the social providers you want to configure for your user pool:
18    `Sign in with Apple`
19? Enter your Services ID for your OAuth flow:
20    `<your Service ID>`
21? Enter your Team ID for your OAuth flow:
22    `<your Team ID>`
23? Enter your Key ID for your OAuth flow:
24    `<your Key ID>`
25? Enter your Private Key for your OAuth flow (entire key without line breaks):
26    `<the entire content -----BEGIN PRIVATE KEY----- <key> -----END PRIVATE KEY----- from your .p8 file in a single line>`

Run amplify push to publish your changes. Once finished, it will display an auto generated URL for your web UI. You can retrieve your user pool domain URL at anytime by running amplify status using the CLI.

You need to now inform your auth provider of this URL:

  1. Sign In to your Facebook developer account with your Facebook credentials.

  2. Choose My Apps from the top navigation bar, and on the Apps page, choose your App you created before.

  3. On the left navigation bar, choose Products. Add Facebook Login if it isn't already added.

  4. If already added, choose Settings under the Configure dropdown. The Settings option is circled from the configure dropdown.

  5. Under Valid OAuth Redirect URIs type your user pool domain with the /oauth2/idpresponse endpoint.

    https://<your-user-pool-domain>/oauth2/idpresponse

Userpool domain is pasted into the text field with /oauth2/ endpoint.

  1. Save changes.

Federated sign-in does not invoke any Custom authentication challenge Lambda triggers, Migrate user Lambda trigger, Custom message Lambda trigger, or Custom sender Lambda triggers in your user pool. For information on the supported Lambda triggers refer to the AWS documentation

Update Info.plist

Signin with web UI require the Amplify plugin to show up the signin UI inside a webview. After the signin process is complete it will redirect back to your app. You have to enable this in your app's Info.plist. Right click Info.plist and then choose Open As > Source Code. Add the following entry in the URL scheme:

<plist version="1.0"> <dict> <!-- YOUR OTHER PLIST ENTRIES HERE --> <!-- ADD AN ENTRY TO CFBundleURLTypes for Cognito Auth --> <!-- IF YOU DO NOT HAVE CFBundleURLTypes, YOU CAN COPY THE WHOLE BLOCK BELOW --> <key>CFBundleURLTypes</key> <array> <dict> <key>CFBundleURLSchemes</key> <array> <string>myapp</string> </array> </dict> </array> <!-- ... --> </dict>
1<plist version="1.0">
2

3     <dict>
4     <!-- YOUR OTHER PLIST ENTRIES HERE -->
5

6     <!-- ADD AN ENTRY TO CFBundleURLTypes for Cognito Auth -->
7     <!-- IF YOU DO NOT HAVE CFBundleURLTypes, YOU CAN COPY THE WHOLE BLOCK BELOW -->
8     <key>CFBundleURLTypes</key>
9     <array>
10         <dict>
11             <key>CFBundleURLSchemes</key>
12             <array>
13                 <string>myapp</string>
14             </array>
15         </dict>
16     </array>
17

18     <!-- ... -->
19     </dict>

When creating a new SwiftUI app using Xcode 13 no longer require configuration files such as the Info.plist. If you are missing this file, click on the project target, under Info, Url Types, and click '+' to add a new URL Type. Add myapp to the URL Schemes. You should see the Info.plist file now with the entry for CFBundleURLSchemes.

Launch Social Web UI Sign In

Sweet! You're now ready to launch sign in with your social provider's web UI.

Invoke this api with whatever provider you're using (shown with Facebook below):

func socialSignInWithWebUI() async { do { let signInResult = try await Amplify.Auth.signInWithWebUI(for: .facebook, presentationAnchor: self.view.window!) if signInResult.isSignedIn { print("Sign in succeeded") } } catch let error as AuthError { print("Sign in failed \(error)") } catch { print("Unexpected error: \(error)") } }
1func socialSignInWithWebUI() async {
2    do {
3        let signInResult = try await Amplify.Auth.signInWithWebUI(for: .facebook, presentationAnchor: self.view.window!)
4        if signInResult.isSignedIn {
5            print("Sign in succeeded")
6        }
7    } catch let error as AuthError {
8        print("Sign in failed \(error)")
9    } catch {
10        print("Unexpected error: \(error)")
11    }
12}
PREVIOUS
Enable guest access
NEXT
Enable sign-out

Amplify open source software, documentation and community are supported by Amazon Web Services.

© 2023, Amazon Web Services, Inc. and its affiliates.

All rights reserved. View the site terms and privacy policy.

Flutter and the related logo are trademarks of Google LLC. We are not endorsed by or affiliated with Google LLC.