@mengcao mengcao commented Nov 29, 2025

Problem

The problem is articulated well in #2350. Currently, when leveraging external identity providers in an Amplify app, it is not allowed to specify a custom domain. As a result, when app customers log in with an external identity provider such as Google, they are prompted with a cryptic domain name such as db049484d0476df65368.auth.us-east-1.amazoncognito.com. This cryptic domain name is not trust-inspiring and prevents the customers from further using the app.

This PR adds support for creating a custom domain for the user pool. Instead of the cryptic domain name, the developer of the Amplify app can provide a custom domain associated with their own brand.

Please note that this PR is different from #3056. #3056 allows developers to specify a custom domain prefix, so that the customers of the Amplify app will be prompted with a domain name such as <your-app>.auth.us-east-1.amazoncognito.com. Meanwhile this PR allows developers to specify a complete custom domain for the user pool, so that their customers will be prompted with <your-app>.com.

Issue number, if available:
#2350

Changes

  1. added customDomainOptions?: CustomDomainOptions for type ExternalProviderOptions in packages/auth-construct/src/types.ts for necessary information needed to create a custom domain.
  2. added setupCustomDomain in packages/auth-construct/src/construct.ts to create the custom domain and necessary resources for the external identity provider login workflow by following this AWS Cognito instruction.
  3. adjusted packages/auth-construct/src/construct.ts to use the custom domain's domain name in amplify_outputs.json if the custom domain is created.
  4. added unit tests to cover the new functionality.

With this PR, the developer can specify and create a custom domain as part of defineAuth in the following way:

export const auth = defineAuth({
  loginWith: {
    email: true,
    externalProviders: {
      google: {
        clientId: ...,
        clientSecret: ...,
        ...,
      },
      ...,
      customDomainOptions: {
        hostedZone: {
          hostedZoneId: <host-zone-id>,
          zoneName: <zone-name>,
        },
        domainName: <domain-name>,
      },
    },
  },
  ...,
});

Corresponding docs PR, if applicable:

Validation

I added unit tests to cover this change. I also tested this change locally with my Amplify app.

Checklist

  • If this PR includes a functional change to the runtime behavior of the code, I have added or updated automated test coverage for this change.
  • If this PR requires a change to the Project Architecture README, I have included that update in this PR.
  • If this PR requires a docs update, I have linked to that docs PR above.
  • If this PR modifies E2E tests, makes changes to resource provisioning, or makes SDK calls, I have run the PR checks with the run-e2e label set.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
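
A pre-deployment check for the `customDomainOptions` shape shown in the PR description, as an added example that is not code from this PR or from Amplify. The names `validateCustomDomainOptions`, `normalize` and `LABEL`, the validation rules, and the sample values are assumptions made for illustration; the check rejects a login domain that is malformed or that lies outside the hosted zone it is supposed to be created in.

```typescript
// Added example: the type mirrors the customDomainOptions object in the PR description.
// validateCustomDomainOptions and its rules are hypothetical, not the PR's code.
type CustomDomainOptions = {
  hostedZone: { hostedZoneId: string; zoneName: string };
  domainName: string;
};

// Lowercase and strip one trailing dot so "example.com." and "Example.com" compare equal.
const normalize = (name: string): string =>
  name.trim().toLowerCase().replace(/\.$/, '');

// One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

function validateCustomDomainOptions(opts: CustomDomainOptions): string[] {
  const errors: string[] = [];
  const zone = normalize(opts.hostedZone.zoneName);
  const domain = normalize(opts.domainName);

  if (opts.hostedZone.hostedZoneId.trim() === '') {
    errors.push('hostedZoneId is empty');
  }
  if (domain.length === 0 || domain.length > 253) {
    errors.push('domainName must be 1-253 characters');
  }
  const badLabels = domain.split('.').filter((label) => !LABEL.test(label));
  if (badLabels.length > 0) {
    errors.push(`domainName has invalid labels: ${JSON.stringify(badLabels)}`);
  }
  // Match on a label boundary: "notexample.com" must not pass for zone "example.com".
  const suffix = `.${zone}`;
  if (domain !== zone && domain.slice(-suffix.length) !== suffix) {
    errors.push(`domainName "${domain}" is not inside hosted zone "${zone}"`);
  }
  return errors;
}

// Constructed sample values (placeholders, not taken from the PR).
console.log(
  validateCustomDomainOptions({
    hostedZone: { hostedZoneId: 'Z0000000EXAMPLE', zoneName: 'example.com' },
    domainName: 'auth.notexample.com',
  }),
);
```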


changeset-bot bot commented Nov 29, 2025

🦋 Changeset detected

Latest commit: 4e80850

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@aws-amplify/auth-construct Patch


@mengcao mengcao changed the title from "Feat/custom domain" to "feat(auth): support custom domain for external identity provider" Nov 29, 2025
@mengcao mengcao force-pushed the feat/custom-domain branch from ad46a5e to 85d63aa December 1, 2025 03:04
@mengcao mengcao marked this pull request as ready for review December 1, 2025 03:26
@mengcao mengcao requested a review from a team as a code owner December 1, 2025 03:26
mengcao commented Dec 7, 2025

@ShadowCat567 do you think you can review this PR? It is similar to #3024 but for creating a new User Pool, instead of referencing an existing User Pool.

Thanks in advance!
