This repo is a learning-focused proof of concept for adding social SSO (Google) to a static SPA hosted on AWS, using:
- Cognito Hosted UI + OAuth 2.0
- CloudFront + S3 static hosting
- Route53 + ACM (DNS + TLS)
- Two progressively more “real” front-end examples:
- a tiny vanilla JS smoke test
- a ClojureScript re-frame app (Polylith workspace)
- Start with smoke → smoke-pkce → polylith webapp-pkce
Use this first if you just want to confirm that DNS/ACM/CloudFront/Cognito are wired correctly.
- Go to:
smoke/ - Run:
./scripts/check-prereqs.shthen./scripts/deploy.sh - Upload the smoke files to the bucket (see the folder README)
This is the recommended OAuth flow for browser-based apps.
- Go to:
smoke-pkce/ - Run:
./scripts/check-prereqs.shthen./scripts/deploy.sh - Configure
app.jsfromapp.example.js(see the folder README)
This is the full ClojureScript implementation with reusable components.
- Go to:
polylith/ - Start with:
polylith/README.md
Both smoke/ and smoke-pkce/ assume they own the same DNS + CloudFront alias + Cognito domain config by default.
If you switch between them, destroy the previous stacks first (instructions are in each README),
or override PROJECT_NAME, DOMAIN_NAME, and COGNITO_DOMAIN_PREFIX.
smoke/— implicit-flow smoke test + standalone infra/scriptssmoke-pkce/— PKCE smoke test + standalone infra/scriptspolylith/— Polylith workspace for the re-frame PKCE app
Do not commit app.js files that contain your environment-specific values:
smoke/app.jssmoke-pkce/app.js
Each folder includes .gitignore entries and guidance.
See SECURITY.md for additional notes.