AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-04-16 · Documentation low

File: cognito/latest/developerguide/google.md

Summary

Removed Unity and Xamarin platform integration documentation from Google authentication guide

Security assessment

The changes remove platform-specific implementation guides but contain no evidence of addressing security vulnerabilities or weaknesses. This appears to be routine documentation pruning rather than security-related updates.

Diff

diff --git a/cognito/latest/developerguide/google.md b/cognito/latest/developerguide/google.md
index 35f4df360..ff43e42e7 100644
--- a//cognito/latest/developerguide/google.md
+++ b//cognito/latest/developerguide/google.md
@@ -5 +5 @@
-AndroidiOS - Objective-CiOS - SwiftJavaScriptUnityXamarin
+AndroidiOS - Objective-CiOS - SwiftJavaScript
@@ -319,129 +318,0 @@ Successful authentication results in a response object that contains an `id_toke
-## Unity
-
-###### Setting up Google
-
-To enable Google Sign-in for a Unity app, create a Google Developers console project for your application.
-
-  1. Go to the [Google Developers console](https://console.developers.google.com/) and create a new project.
-
-  2. Choose **APIs & Services**, then **OAuth consent screen**. Customize the information that Google shows to your users when Google asks for their consent to share their profile data with your app.
-
-  3. Choose **Credentials** , then **Create credentials**. Choose **OAuth client ID**. Select **Web application** as the **Application type**. Create a separate client ID for each platform where you develop your app.
-
-  4. For Unity, create an additional **OAuth client ID** for **Android** , and another for **iOS**.
-
-  5. From **Credentials** , choose **Manage service accounts**. Choose **Create service account**. Enter your service account details, and choose **Create and continue**.
-
-  6. Grant the service account access to your project. Grant users access to the service account as your app requires.
-
-  7. Choose your new service account, choose the **Keys** tab, and **Add key**. Create and download a new JSON key.
-
-
-
-
-For more information about how to use the Google Developers console, see [Creating and managing projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) in the Google Cloud documentation.
-
-**Create an OpenID Provider in the IAM Console**
-
-  1. Create an OpenID Provider in the IAM Console. For information about how to set up an OpenID Provider, see [Using OpenID Connect Identity Providers](./open-id.html).
-
-  2. When prompted for your Provider URL, enter `"https://accounts.google.com"`.
-
-  3. When prompted to enter a value in the **Audience** field, enter any one of the three client IDs that you created in the previous steps.
-
-  4. Choose the provider name and add two more audiences with the two other client IDs.
-
-
-
-
-**Configure the External Provider in the Amazon Cognito Console**
-
-Choose **Manage Identity Pools** from the [Amazon Cognito Console home page](https://console.aws.amazon.com/cognito/home):
-
-###### To add a Google identity provider (IdP)
-
-  1. Choose **Identity pools** from the [Amazon Cognito console](https://console.aws.amazon.com/cognito/home). Select an identity pool.
-
-  2. Choose the **User access** tab.
-
-  3. Select **Add identity provider**.
-
-  4. Choose **Google**.
-
-  5. Enter the **Client ID** of the OAuth project you created at [Google Cloud Platform](https://console.cloud.google.com/). For more information, see [Setting up OAuth 2.0](https://support.google.com/cloud/answer/6158849) in _Google Cloud Platform Console Help_.
-
-  6. To set the role that Amazon Cognito requests when it issues credentials to users who have authenticated with this provider, configure **Role settings**.
-
-    1. You can assign users from that IdP the **Default role** that you set up when you configured your **Authenticated role** , or you can **Choose role with rules**.
-
-      1. If you chose **Choose role with rules** , enter the source **Claim** from your user's authentication, the **Operator** that you want to compare the claim by, the **Value** that will cause a match to this role choice, and the **Role** that you want to assign when the **Role assignment** matches. Select **Add another** to create an additional rule based on a different condition.
-
-      2. Choose a **Role resolution**. When your user's claims don't match your rules, you can deny credentials or issue credentials for your **Authenticated role**.
-
-  7. To change the principal tags that Amazon Cognito assigns when it issues credentials to users who have authenticated with this provider, configure **Attributes for access control**.
-
-    1. To apply no principal tags, choose **Inactive**.
-
-    2. To apply principal tags based on `sub` and `aud` claims, choose **Use default mappings**.
-
-    3. To create your own custom schema of attributes to principal tags, choose **Use custom mappings**. Then enter a **Tag key** that you want to source from each **Claim** that you want to represent in a tag.
-
-  8. Select **Save changes**.
-
-
-
-
-**Install the Unity Google Plugin**
-
-  1. Add the [Google Play Games plugin for Unity](https://github.com/playgameservices/play-games-plugin-for-unity) to your Unity project.
-
-  2. In Unity, from the **Windows** menu, use the three IDs for the Android and iOS platforms to configure the plugin.
-
-
-
-
-**Use Google**
-
-The following example code shows how to retrieve the authentication token from the Google Play service:
-    
-    
-    void Start()
-    {
-      PlayGamesClientConfiguration config = new PlayGamesClientConfiguration.Builder().Build();
-      PlayGamesPlatform.InitializeInstance(config);
-      PlayGamesPlatform.DebugLogEnabled = true;
-      PlayGamesPlatform.Activate();
-      Social.localUser.Authenticate(GoogleLoginCallback);
-    }
-    
-    void GoogleLoginCallback(bool success)
-    {
-      if (success)
-      {
-        string token = PlayGamesPlatform.Instance.GetIdToken();
-        credentials.AddLogin("accounts.google.com", token);
-      }
-      else
-      {
-        Debug.LogError("Google login failed. If you are not running in an actual Android/iOS device, this is expected.");
-      }
-    }
-    
-
-## Xamarin
-
-###### Note
-
-Amazon Cognito doesn't natively support Google on the Xamarin platform. Integration currently requires the use of a web view to go through the browser sign-in flow. To learn how Google integration works with other SDKs, please select another platform.
-
-To enable login with Google in your application, authenticate your users and obtain an OpenID Connect token from them. Amazon Cognito uses this token to generate a unique user identifier that is associated with an Amazon Cognito identity. Unfortunately, the Google SDK for Xamarin doesn't allow you to retrieve the OpenID Connect token, so use an alternative client or the web flow in a web view.
-
-After you have the token, you can set it in your `CognitoAWSCredentials`:
-    
-    
-    credentials.AddLogin("accounts.google.com", token);
-
-###### Note
-
-If your app uses Google and is available on multiple mobile platforms, you should configure Google as an [OpenID Connect Provider](./open-id.html). Add all created client IDs as additional audience values for better integration. To learn more about Google's cross-client identity model, see [Cross-client Identity](https://developers.google.com/accounts/docs/CrossClientAuth).
-