Use Cognito's Google federated identity integration to allow your app users to login with their Google account.
- Allow your app users to login to your app with their Google account.
- Users are automatically provisioned (mirrored) to your Cognito user pool, should you decide to abandon Google as an SSO provider in the future (or allow your users to link multiple external accounts like Facebook, LinkedIn to the same Cognito user).
Here's a Sequence Diagram, describing the user's journey:
This repo is an example AWS CDK project that demonstrates how you can provision the whole AWS infrastructure, including a dummy NodeJS + Express + API Gateway (with public endpoints for login and protected endpoints to demonstrate a protected backend API with resources, only accessible to users that went through the Google SSO procedure).