Cognito is marketed as a client-side technology. It also happens to be by far the worst-documented Amazon service that I've ever used. However, its feature set is compelling: you can manage users, provide validation of both email and mobile phone, and support multi-factor authentication. But, as I said, it's the worst-documented Amazon service that I've ever used.
Based on the documentation, reading the Android source code, and a bunch of experimentation, I've worked out how to use it from the server side. I've wrapped the basic operations in Java servlets, with some simple front-end pages to invoke them. Currently it supports the following features:
- Users identified via email address.
- Signup uses a temporary password, generated by Cognito.
- Authentication using Cognito-generated tokens (with caching so we don't hit a call limit).
There is a blog post that describes this code in more detail.
If you believe that I'm using Cognito incorrectly, feel free to open an issue.
Start by creating the user pool. You can do this manually, or by running the provided script:
> src/scripts/cognito-create-userpool.sh Example Example
User Pool ID: us-east-1_rCQ6gAd1Q
Client ID: 5co5s8e43krcdps2lrp4fo301i
Update src/main/webapp/WEB-INF/web.xml, setting the initialization parameters cognito_pool_id and cognito_client_id to the values output in the previous step.
You can build with Maven and deploy to your favorite app-server, import into your favorite IDE, or run with the Jetty plugin:
mvn jetty:run