Example of using AWS Cognito from a Java web-app
Switch branches/tags
Nothing to show
Clone or download
Latest commit 2e37253 Aug 9, 2017
Failed to load latest commit information.
src final naming/formatting changes before blog publication Dec 27, 2016
.gitignore Initial commit Dec 8, 2016
LICENSE Initial commit Dec 8, 2016
README.md update README Aug 9, 2017
pom.xml add Maven Jetty plugin Dec 12, 2016


A Java Web-app Using AWS Cognito

This is the example code for a blog post. Please read that post before downloading and building this project, as it explains a lot of the decisions that I made. Some of those decisions I would make again, some I wouldn't.

Cognito is marketed as a client-side technology. It also happens to be by far the worst-documented Amazon service that I've ever used. However, its feature set is compelling: you can manage users, provide validation of both email and mobile phone, and support multi-factor authentication. But, as I said, it's the worst-documented Amazon service that I've ever used.

Based on the documentation, reading the Android source code, and a bunch of experimentation, I've worked out how to use it from the server side. I've wrapped the basic operations in Java servlets, with some simple front-end pages to invoke them. Currently it supports the following features:

  • Users identified via email address.
  • Signup uses a temporary password, generated by Cognito.
  • Authentication using Cognito-generated tokens (with caching so we don't hit a call limit).

If you believe that I'm using Cognito incorrectly, feel free to open an issue. However, please do not use issues to ask debugging questions; Stack Overflow is a much better resource.

Building and Running

Start by creating the user pool. You can do this manually, or by running the provided script:

> src/scripts/cognito-create-userpool.sh Example Example
User Pool ID:  us-east-1_rCQ6gAd1Q
Client ID:     5co5s8e43krcdps2lrp4fo301i

Update src/main/webapp/WEB-INF/web.xml, setting the initialization parameters cognito_pool_id and cognito_client_id to the values output in the previous step.

You can build with Maven and deploy to your favorite app-server, import into your favorite IDE, or run with the Jetty plugin:

mvn jetty:run