
I have been trying to add an OIDC provider in AWS Cognito. I chose Google as the provider and set up all the credentials in the user pool federated identity section.

So I am using multiple user pools, where each user pool is for one customer (I have a multitenant architecture).

Now according to all the documentation I read, I need a "user pool domain", which according to my understanding is https://custom_name.auth.region.amazoncognito.com

Amplify.configure({
  "Auth": {
    "mandatorySignIn": true,
    "region": "us-east-2",
    "userPoolId": "poolId",
    "userPoolWebClientId": "clientId",
    "authenticationFlowType": "USER_PASSWORD_AUTH",
    "oauth": {
      "domain": "customname.auth.us-east-2.amazoncognito.com",
      "scope": [
        "email",
        "openid"
      ],
      "redirectSignIn": "https://sub.domain.com",
      "redirectSignOut": "https://sub.domain.com/logout",
      "responseType": "code"
    }
  }
})

I have to provide this domain as the redirect URI in Google, which will show "redirect to amazoncognito.com" when the user tries to sign in.

This is not acceptable. It should only show my domain. To do this, I would have to create a custom domain, which has a hard limit of 4 in AWS.

So am I missing something? Or can Cognito not be used for a multitenant architecture?

Or is there any way to do OIDC authentication using some custom Amplify function?

Jerin A Mathews
