Making Google account selector screen mandatory - authentication

So I have implemented Google authentication by using AWS Amplify (federatedSignIn) in my React app. Apparently, I want to make the google account selector screen mandatory for the user to select an account to log in. Apparently, it works only when multiple google accounts are available to choose from, but if there is only one account, the system automatically uses it to login?
How can I enforce the selection screen with only one account?

That is google's functionality. You cannot change how google handles their login requests.
See more: https://developers.google.com/identity/toolkit/web/federated-login

Related

Google OAuth Consent - Internal - Multiple separate organisations

I'm trying to setup a Google OAuth consent screen but I have two separate google workspace accounts. The two accounts are completely separate.
I have the consent screen setup, working perfectly for the one workspace "domain-a.com" as an Internal User Type to make sure only users within "domain-a.com" can login.
I'd like to also allow "domain-b.com" accounts from the other google workspace to also be able to login.
I'm wondering if this is at all possible? Or is my only option to set the User Type to external and then vet the domains in my auth flow?
I was hoping it would possible to somehow authorise "domain-b.com" on the "domain-a.com" workspace without adding all the additional domain aliases to users etc? I do see the Domain Verification option under the APIs and Services screen, but this only mentions webhooks.
Any help would be appreciated
I think setting the type to external is the only way to achieve this.
Does your app use any sensitive scopes? If so, then setting the app to external means that your app might require verification unless you mark the app as trusted in both Workspace accounts.

AWS Cognito with social login Google, Facebook, Apple and react native

I'm working currently on the implementation of social login using react-native and aws cognito. For now, it's working well (with or without amplify), but the issue is that I have to open a webview using the cognito hosted UI, which redirect directly to Google / Facebook / Apple. So basically, when the user click on the google signin button, there is a messagethis kind of message "myapp wants to open amazoncognito to connect...". As a user experience, it is quite mediocre, so I am wondering if it is possible to implement a different signin flow so not to redirect to an external url.
I have tried the implemntation with react-native-google-signin, but in that case, I have to use aws federated identities instead of my user pool (typically, the gogole signin retrieve an id token that can be pass to cognito federated identities). So I do not really like that solution...
I don't know exactly the process of signing up with a social login provider but if someone has ever met the issue and found a user friendly way to implement it, I am obviously interested in the solution ! (One option would be to figure out how to use the IdToken generated by Google to sign the user in my Cognito user pool, the other would be to directly use an iframe to open facebook, google, apple, so at least the message would not appear).
Thank you for you help !

Is there a way for checking the count of users who used Google login using the client-id provided by Google

I have an app that uses Google login as one of the modes for login/signup the users in the app. Unfortunately, I missed saving the user-id received after logging-in using Google, and therefore, I can't seem to find the users who have used Google for creating the account on my app.
Is there a way I can track the count of the users who has used the Google login using the client-id Google provides while integrating the Google login button?

How to tie an account from a backend server to a google assistant user

I have a web application setup to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign-in to a google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to lookup the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will been to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to setup an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.

Firebase authentication: linking multiple provides

I followed the Firebase documentation to implement multiple authentication providers (Google and Facebook), and I am with the problem that I do not know how to solve.
Assuming my new User has Google providers and facebook with different emails is possible to perform the following login flow ?.
User enters the first app and resolves login with your Google account
Firebase create an account and link Google her provider.
The user exits the application.
User again performs login to the app, however this time he chooses the Facebook provider (which has different email Google).
firebase links the Facebook provider the account that is already linked to Google provider.
The Firebase documentation has a complete page dedicated to account linking. The samples in the page link to a Github repo where you can see the code in the context of an entire app that demonstrates it.
There's little use in use replicating the documentation here. If you're having trouble making a specific step work, share what you've done and the minimal code that shows where you are stuck.