Example on AWS Cognito
This sample project has two examples: one for a Cognito User Pool and one for a Cognito Identity Pool.
Prerequisites for example 1 (Cognito User Pool Demo):
- Create an AWS account and get the access and secret key credentials
- In the Cognito user pool dashboard, create a user pool
- In the attributes section, create the following custom attributes, all of type String: role, region, customer, facility and ipaddress
- In the Apps section, register an app with the following options:
  (a) Enable the option "Generate Client Secret"
  (b) Enable the option "Enable sign-in API for server-based authentication (ADMIN_NO_SRP_AUTH)"
  (c) Leave the option "Only allow Custom Authentication (CUSTOM_AUTH_FLOW_ONLY)" unchecked
- Now create the app
- Once the app is created, open the file config.properties in this example and update the following values:
  (a) access_key= your access key
  (b) secret_key= your secret key
  (c) userpool_id= user pool id you just created
  (d) app_name= App name you just registered
  (e) app_client_id= Client Id of the App you just registered
  (f) app_client_secret= Client Secret of the App you just registered
- Update the following keys, under the section user data, with values:
  (a) userId= username of the user to be registered
  (b) password= password of the user to be registered
  (c) confirm_password= password for the forgot password flow
  (d) change_password= password for the change password flow
- Java class to be updated: com/demo/CognitoUserPoolDemo.java
- Open the java class com/demo/CognitoUserPoolDemo.java and update the region with your appropriate region
- Execute the java class com/demo/CognitoUserPoolDemo.java, uncommenting the required methods within the main method for the appropriate flows:
  SignUp - singUp
  Verifying Email - verifyEmail
  Login - login (once it is executed, copy the id_token, access_token and refresh_token from the console and paste them into config.properties)
  SignOut - singOut
  Update and Read User attributes - updateUserAttributes, getUsers
  Forgot Password - forgotPassword
  Confirm Password - confirmForgotPassword
  Change Password - changePassword
  Renew Access Token - renewAccessTokenUsingRefreshToken
  Delete User - deleteUser
Prerequisites for example 2 (Cognito Identity Pool Demo):
- Create an Identity Pool in Cognito
- In the Authentication providers section, select the "Cognito" tab and configure the User Pool Id and App Client Id that we created in Example 1 above
- Open config.properties and update the keys identity_pool_id and id_provider_name
- In the IAM dashboard, create an IAM role with read-only access to the S3 bucket
- Update the trust relationship of the role with the following policy, making sure you replace "Your Identity Pool Id" with the actual Identity Pool Id:
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {
          "Federated": "cognito-identity.amazonaws.com"
        },
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
          "StringEquals": {
            "cognito-identity.amazonaws.com:aud": "Your Identity Pool Id"
          },
          "ForAnyValue:StringLike": {
            "cognito-identity.amazonaws.com:amr": "authenticated"
          }
        }
      }
    ]
  }
- Once the IAM role is created, copy the ARN of the role and update the role_arn property in config.properties
- Create an S3 bucket in the same region as your identity pool and upload a text file to be read into the bucket
- Once the bucket is created, update the bucket_name and bucket_key properties in config.properties
- Open the java class com/demo/CognitoUPIDProviderDemo.java and update the region with your appropriate region
- Execute the main method of the java class com/demo/CognitoUPIDProviderDemo.java and observe the results
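The exchange that the trust policy above authorizes, written out as an added example (AWS SDK for Java v1; this is not the project's own CognitoUPIDProviderDemo). It assumes the property names used in this project's config.properties, that the id_token from the login flow was saved under the key id_token, and a placeholder region; the developer access/secret key signs only the Cognito and STS calls, while the S3 read runs with the short-lived credentials of the role, so the bucket is never touched with the long-lived keys.

```java
import java.io.FileInputStream;
import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentity;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClientBuilder;
import com.amazonaws.services.cognitoidentity.model.GetIdRequest;
import com.amazonaws.services.cognitoidentity.model.GetOpenIdTokenRequest;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import com.amazonaws.services.securitytoken.model.Credentials;

public class IdentityPoolS3Read {
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        p.load(new FileInputStream("config.properties")); // property names assumed from this project
        Regions region = Regions.US_EAST_1; // placeholder: use the region of your pools and bucket
        // Developer keys are used only to call Cognito Identity and STS, never S3
        AWSStaticCredentialsProvider dev = new AWSStaticCredentialsProvider(
                new BasicAWSCredentials(p.getProperty("access_key"), p.getProperty("secret_key")));
        // Logins map: key is the user pool provider name (id_provider_name), value is the id_token
        Map<String, String> logins = Collections.singletonMap(
                p.getProperty("id_provider_name"), p.getProperty("id_token"));
        AmazonCognitoIdentity ci = AmazonCognitoIdentityClientBuilder.standard()
                .withRegion(region).withCredentials(dev).build();
        String identityId = ci.getId(new GetIdRequest()
                .withIdentityPoolId(p.getProperty("identity_pool_id")).withLogins(logins)).getIdentityId();
        String webToken = ci.getOpenIdToken(new GetOpenIdTokenRequest()
                .withIdentityId(identityId).withLogins(logins)).getToken();
        // STS evaluates the role's trust policy: aud must equal the identity pool id, amr "authenticated";
        // the session name may not contain ':', so the identity id's prefix separator is replaced
        Credentials c = AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(region).withCredentials(dev).build()
                .assumeRoleWithWebIdentity(new AssumeRoleWithWebIdentityRequest()
                        .withRoleArn(p.getProperty("role_arn"))
                        .withRoleSessionName(identityId.replace(':', '-'))
                        .withWebIdentityToken(webToken))
                .getCredentials();
        // Read the object with the temporary role credentials (read-only, as the IAM role allows)
        String body = AmazonS3ClientBuilder.standard().withRegion(region)
                .withCredentials(new AWSStaticCredentialsProvider(new BasicSessionCredentials(
                        c.getAccessKeyId(), c.getSecretAccessKey(), c.getSessionToken()))).build()
                .getObjectAsString(p.getProperty("bucket_name"), p.getProperty("bucket_key"));
        System.out.println(body);
    }
}
```

If the role's trust policy does not match the identity pool id in "aud", AssumeRoleWithWebIdentity fails with an AccessDenied error before any S3 access is attempted.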