I've been playing around with creating a new webapp that you can only login (at least to start) with Google accounts. I read both of these articles: https://serverless-stack.com/examples/how-to-add-google-authentication-to-a-serverless-api.html https://serverless-stack.com/examples/how-to-add-google-login-to-your-cognito-user-pool.html Now I'm trying to make sure I am getting this correctly. I'm getting a little confused down the cognito user pool vs cognito identity pool rabbit hole, but I'm also getting confused with SST's Auth constructor and how the second article added support for Google accounts after the Auth constructor by adding

const provider = new cognito.UserPoolIdentityProviderGoogle(stack, "Google", {

Is there a way I can provide my Google clientId and clientSecret directly to the Auth constructor? Do I need an identity pool if I'm not providing access to AWS services (if not, how do I do that via the SST's Auth constructor)? Thanks for your help.

I guess you are confused by the naming. The *UserPool*IdentityProviderGoogle is actually a construct for linking Google IdP to a UserPool. So no, you don’t need IdentityPool for user auth. So I guess long story short is that you need to create a Google Provider with the secrets assigned to it (as in the links above) and link it to the Auth construct.

I have it working by following: https://serverless-stack.com/examples/how-to-add-google-login-to-your-cognito-user-pool.html One of the things I was wondering about was could that be done with less code, like in the other link. The other link included the google client ID in the parameters for the Auth constructor, but it doesn't have a parameter for the client secret. What does that do? Could I use that approach?

Hey @Jon Holman, +1 on @Arpad’s reply. If you don’t need to allow ur users to access AWS services, don’t use Cognito Identity Pool.

Thanks @Frank