Update (April 2019): Updated the client code to reflect the latest auth changes with AWS SDK for iOS (2.8.0+) and AWS Amplify.

We are continuing to build on using social login providers as a mobile authentication mechanism, allowing your users to authenticate within your iOS cloud-enabled app. In this article, we are going to integrate Google Sign-In into our iOS app. In the previous article, “Facebook Login Using AWS Amplify and Amazon Cognito”, we used Amazon Cognito Identity Pools to federate authentication through Facebook Login. Before that article, we used Amazon Cognito User Pools as basic auth to manage our app user directory: each user created a new account and authenticated with a username/password unique to your app.

With Google Sign-In integration, instead of creating a new account via Cognito User Pools, or federating Facebook, the user can simply choose the Sign in with Google button in your app and authenticate via Google using their Google credentials, all while staying within your app flow.

Note: Your app can support any combination of Facebook, Google, or username/password. You’re not limited to one social provider or basic auth.

Step 1: Google OAuth Client IDs

Goal: Obtain an OAuth Web Client ID and an iOS Client ID so that you can use Google Sign-In in your app. These client IDs are in the form of a URL. You’ll copy both client IDs from the Google developer portal and save them for later.

How it works: To implement Google Sign-In in your iOS app, you need an OAuth Web Client ID and an iOS Client ID. These Client IDs are part of your Google Developers project. The Web Client ID will be used by Cognito Identity Pools to manage the OAuth flow between Cognito and Google on the server side. The iOS Client ID will be used in your iOS app to authorize the OAuth flow directly with Google, allowing your users to authenticate with their Google login credentials.

Implementation: There are a few ways to generate the Web and iOS Client IDs. The easiest way that I have found is to follow the ‘start-integrating’ section of the Google Developer portal. This lets you create a new project or select an existing one, auto-generates the Web Client ID in the background, and creates an iOS Client ID for you to copy.

NOTE: The steps for creating and configuring OAuth clients for Google Sign-In are constantly changing, so always refer to the official setup instructions from Google.

Start here:

A. Log in to https://developers.google.com/identity/sign-in/ios/start-integrating

B. Scroll down to Get an OAuth client ID and select the CREATE AN OAUTH CLIENT ID button. IGNORE everything else on that page.

C. Follow the steps for your own project as outlined in the animated gif.

1. Create a new project or select an existing project.

2. Provide a product name that’ll be shown to the user.

3. Specify iOS as the application environment for the OAuth client.

4. Provide your iOS application bundle identifier (e.g. com.domain.appname).

5. Select Done.

D. Now, obtain your Web Client ID and iOS Client ID from your Google project credentials page: https://console.developers.google.com/apis/credentials

E. With your project selected, under OAuth 2.0 client IDs, copy and save the Web Client ID (associated with the Web application type) and the iOS Client ID (associated with the iOS type) for the next step.