This is the example code for a blog post. Please read that post before downloading and building this project, as it explains a lot of the decisions that I made. Some of those decisions I would make again, some I wouldn't.
Cognito is marketed as a client-side technology. It also happens to be by far the worst-documented Amazon service that I've ever used. However, its feature set is compelling: you can manage users, provide validation of both email and mobile phone, and support multi-factor authentication. But, as I said, it's the worst-documented Amazon service that I've ever used.
Based on the documentation, reading the Android source code, and a bunch of experimentation, I've worked out how to use it from the server side. I've wrapped the basic operations in Java servlets, with some simple front-end pages to invoke them. Currently it supports the following features:
- Users identified via email address.
- Signup uses a temporary password, generated by Cognito.
- Authentication using Cognito-generated tokens (with caching so we don't hit a call limit).
If you believe that I'm using Cognito incorrectly, feel free to open an issue. However, please do not use issues to ask debugging questions; Stack Overflow is a much better resource.
Start by creating the user pool. You can do this manually, or by running the provided script:
```
> src/scripts/cognito-create-userpool.sh Example Example
User Pool ID: us-east-1_rCQ6gAd1Q
Client ID: 5co5s8e43krcdps2lrp4fo301i
```
Update `src/main/webapp/WEB-INF/web.xml`, setting the initialization parameters `cognito_pool_id` and `cognito_client_id` to the values output in the previous step.
You can build with Maven and deploy to your favorite app-server, import into your favorite IDE, or run with the Jetty plugin:
```
mvn jetty:run
```