Working with Amazon Cognito
With Amazon Cognito, you can quickly add user sign-up or sign-in capability to your web or mobile app. The examples here demonstrate some of the basic functionality of Cognito.
Create a user pool
A user pool is a directory of users that you can configure for your web or mobile app.
To create a user pool, start by building a CreateUserPoolRequest object, with the name of the user pool as the value of its poolName(). Call the createUserPool() method of your CognitoIdentityProviderClient, passing in the CreateUserPoolRequest object. You can capture the result of this request as a CreateUserPoolResponse object.
Imports
    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolRequest;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolResponse;
Code
    public static String createPool(CognitoIdentityProviderClient cognitoclient, String userPoolName) {
        try {
            // Only the pool name is set; every other setting keeps the service default.
            CreateUserPoolResponse userPoolResponse = cognitoclient.createUserPool(
                CreateUserPoolRequest.builder()
                    .poolName(userPoolName)
                    .build()
            );
            // Return the ID of the newly created user pool.
            return userPoolResponse.userPool().id();

        } catch (CognitoIdentityProviderException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
        return "";
    }
See the complete example
List users from a user pool
To list users from your user pools, start by building a ListUserPoolsRequest object, with the maximum number of results as the value of its maxResults(). Call the listUserPools() method of your CognitoIdentityProviderClient, passing in the ListUserPoolsRequest object. You can capture the result of this request as a ListUserPoolsResponse object.
Imports
    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.UserPoolDescriptionType;
Code
    public static void listAllUserPools(CognitoIdentityProviderClient cognitoclient) {
        try {
            // A single call returns at most maxResults user pools.
            ListUserPoolsResponse response = cognitoclient.listUserPools(
                ListUserPoolsRequest.builder()
                    .maxResults(10)
                    .build()
            );
            for (UserPoolDescriptionType userpool : response.userPools()) {
                System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id() + ", Status " + userpool.status());
            }

        } catch (CognitoIdentityProviderException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }
See the complete example
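The listing above reads only the first page of results, so an account with more user pools than maxResults() is reported incompletely. The following added example (not part of the original AWS sample) follows nextToken() until every page has been read; the class name AllUserPools and the method listEveryUserPool are hypothetical, and the default credentials and Region chain is assumed.

```java
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.UserPoolDescriptionType;

import java.util.ArrayList;
import java.util.List;

// Added example: class and method names are hypothetical.
public class AllUserPools {

    // Collects every user pool in the account and Region, one page at a time.
    public static List<UserPoolDescriptionType> listEveryUserPool(CognitoIdentityProviderClient client) {
        List<UserPoolDescriptionType> pools = new ArrayList<>();
        String nextToken = null;
        do {
            ListUserPoolsResponse page = client.listUserPools(
                ListUserPoolsRequest.builder()
                    .maxResults(60)        // page size, not a cap on the total
                    .nextToken(nextToken)  // null on the first request
                    .build());
            pools.addAll(page.userPools());
            nextToken = page.nextToken();  // null once the last page is reached
        } while (nextToken != null);
        return pools;
    }

    public static void main(String[] args) {
        // Assumes credentials and a Region are available from the default chain.
        try (CognitoIdentityProviderClient client = CognitoIdentityProviderClient.create()) {
            for (UserPoolDescriptionType pool : listEveryUserPool(client)) {
                System.out.println(pool.id() + "  " + pool.name());
            }
        } catch (CognitoIdentityProviderException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }
}
```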
Create an identity pool
An identity pool is a container that organizes the IDs from your external identity provider, keeping a unique identifier for each user. To create an identity pool, start by building a CreateIdentityPoolRequest object, with the name of the identity pool as the value of its identityPoolName(). Set allowUnauthenticatedIdentities() to true or false. Call the createIdentityPool() method of your CognitoIdentityClient object, passing in the CreateIdentityPoolRequest object. You can capture the result of this request as a CreateIdentityPoolResponse object.
Imports
    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
    import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityException;
    import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolRequest;
    import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolResponse;
Code
    public static String createIdPool(CognitoIdentityClient cognitoclient, String identityPoolName) {
        try {
            CreateIdentityPoolResponse response = cognitoclient.createIdentityPool(
                CreateIdentityPoolRequest.builder()
                    // false: callers must sign in with a provider before they get an identity.
                    .allowUnauthenticatedIdentities(false)
                    .identityPoolName(identityPoolName)
                    .build()
            );
            // Return the ID of the newly created identity pool.
            return response.identityPoolId();

        } catch (CognitoIdentityException e) {
            // CognitoIdentityClient throws CognitoIdentityException, not CognitoIdentityProviderException.
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
        return "";
    }
See the complete example
Add an app client
To enable the hosted web sign-up or sign-in UI for your app, create an app client. To create an app client, start by building a CreateUserPoolClientRequest object, with the name of the client as the value of its clientName(). Set userPoolId() to the ID of the user pool to which you want to attach this app client. Call the createUserPoolClient() method of your CognitoIdentityProviderClient, passing in the CreateUserPoolClientRequest object. You can capture the result of this request as a CreateUserPoolClientResponse object.
Imports
    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientRequest;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientResponse;
Code
    public static void createPoolClient(CognitoIdentityProviderClient cognitoclient,
                                        String clientName,
                                        String userPoolId) {
        try {
            // Attach a new app client to the user pool identified by userPoolId.
            CreateUserPoolClientResponse response = cognitoclient.createUserPoolClient(
                CreateUserPoolClientRequest.builder()
                    .clientName(clientName)
                    .userPoolId(userPoolId)
                    .build()
            );
            System.out.println("User pool " + response.userPoolClient().clientName() + " created. ID: " + response.userPoolClient().clientId());

        } catch (CognitoIdentityProviderException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }
See the complete example
Add a third-party identity provider
Adding an external identity provider (IdP) enables your users to log into your app using that service’s login mechanism. To add a third-party IdP, start by building an UpdateIdentityPoolRequest object, with the name of the identity pool as the value of its identityPoolName(). Set allowUnauthenticatedIdentities() to true or false, specify the identityPoolId(), and define which login providers will be supported with supportedLoginProviders(). Call the updateIdentityPool() method of your CognitoIdentityClient, passing in the UpdateIdentityPoolRequest object. You can capture the result of this request as an UpdateIdentityPoolResponse object.
Imports
    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
    import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityException;
    import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityProvider;
    import software.amazon.awssdk.services.cognitoidentity.model.UpdateIdentityPoolRequest;
    import software.amazon.awssdk.services.cognitoidentity.model.UpdateIdentityPoolResponse;
    import java.util.ArrayList;
    import java.util.List;
Code
    public static void setLoginProvider(CognitoIdentityClient cognitoclient,
                                        String appId,
                                        String identityPoolName,
                                        String identityPoolId,
                                        String providerName) {

        // Describe the Cognito user pool (provider name) and app client (client ID) to link.
        CognitoIdentityProvider identityProvider = CognitoIdentityProvider.builder()
            .providerName(providerName)
            .clientId(appId)
            .build();

        List<CognitoIdentityProvider> proList = new ArrayList<>();
        proList.add(identityProvider);

        try {
            UpdateIdentityPoolRequest poolRequest = UpdateIdentityPoolRequest.builder()
                // true: callers can obtain an identity, and credentials for the pool's
                // unauthenticated role, without signing in.
                .allowUnauthenticatedIdentities(true)
                .identityPoolName(identityPoolName)
                .identityPoolId(identityPoolId)
                .cognitoIdentityProviders(proList)
                .build();

            UpdateIdentityPoolResponse response = cognitoclient.updateIdentityPool(poolRequest);
            List<CognitoIdentityProvider> providers = response.cognitoIdentityProviders();
            for (CognitoIdentityProvider provider : providers) {
                System.out.println("The client ID is : " + provider.clientId());
                System.out.println("The provider name is : " + provider.providerName());
            }

        } catch (CognitoIdentityException e) {
            // CognitoIdentityClient throws CognitoIdentityException, not CognitoIdentityProviderException.
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }
See the complete example
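Both identity pool snippets set allowUnauthenticatedIdentities(), and a pool left at true issues identities to callers who have not signed in. The following added example (not part of the original AWS sample) walks every identity pool in the Region and returns the IDs of those that still allow unauthenticated identities; the class name GuestAccessAudit and the method findPoolsAllowingGuests are hypothetical, and the default credentials and Region chain is assumed.

```java
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityException;
import software.amazon.awssdk.services.cognitoidentity.model.DescribeIdentityPoolRequest;
import software.amazon.awssdk.services.cognitoidentity.model.DescribeIdentityPoolResponse;
import software.amazon.awssdk.services.cognitoidentity.model.IdentityPoolShortDescription;
import software.amazon.awssdk.services.cognitoidentity.model.ListIdentityPoolsRequest;
import software.amazon.awssdk.services.cognitoidentity.model.ListIdentityPoolsResponse;

import java.util.ArrayList;
import java.util.List;

// Added example: class and method names are hypothetical.
public class GuestAccessAudit {

    // Returns the IDs of identity pools whose allowUnauthenticatedIdentities flag is true.
    public static List<String> findPoolsAllowingGuests(CognitoIdentityClient client) {
        List<String> flagged = new ArrayList<>();
        String nextToken = null;
        do {
            ListIdentityPoolsResponse page = client.listIdentityPools(
                ListIdentityPoolsRequest.builder().maxResults(60).nextToken(nextToken).build());
            for (IdentityPoolShortDescription pool : page.identityPools()) {
                // The list call returns only ID and name; the flag needs a describe call.
                DescribeIdentityPoolResponse detail = client.describeIdentityPool(
                    DescribeIdentityPoolRequest.builder()
                        .identityPoolId(pool.identityPoolId())
                        .build());
                if (Boolean.TRUE.equals(detail.allowUnauthenticatedIdentities())) {
                    flagged.add(pool.identityPoolId());
                }
            }
            nextToken = page.nextToken();
        } while (nextToken != null);
        return flagged;
    }

    public static void main(String[] args) {
        // Assumes credentials and a Region are available from the default chain.
        try (CognitoIdentityClient client = CognitoIdentityClient.create()) {
            List<String> flagged = findPoolsAllowingGuests(client);
            flagged.forEach(id -> System.out.println("Unauthenticated identities allowed: " + id));
            System.out.println(flagged.size() + " pool(s) flagged");
        } catch (CognitoIdentityException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }
}
```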
Get credentials for an ID
To get the credentials for an identity in an identity pool, first build a GetCredentialsForIdentityRequest object, with the identity ID as the value of its identityId(). Call the getCredentialsForIdentity() method of your CognitoIdentityClient, passing in the GetCredentialsForIdentityRequest. You can capture the result of this request as a GetCredentialsForIdentityResponse object.
Imports
    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
    import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityException;
    import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
    import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityResponse;
Code
    public static void getCredsForIdentity(CognitoIdentityClient cognitoclient, String identityId) {
        try {
            GetCredentialsForIdentityRequest getCredentialsForIdentityRequest = GetCredentialsForIdentityRequest.builder()
                .identityId(identityId)
                .build();

            GetCredentialsForIdentityResponse response = cognitoclient.getCredentialsForIdentity(getCredentialsForIdentityRequest);
            // Print only the non-secret access key ID, never the secret key or session token.
            System.out.println("Identity ID " + response.identityId() + ", Access key ID " + response.credentials().accessKeyId());

        } catch (CognitoIdentityException e) {
            // CognitoIdentityClient throws CognitoIdentityException, not CognitoIdentityProviderException.
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }
See the complete example
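The response carries a complete set of temporary credentials (access key ID, secret key, session token and expiration), not just the access key ID printed above. The following added example (not part of the original AWS sample) checks the expiration and wraps the credentials in a provider that other SDK clients accept; the class name IdentityCredentials, the method providerFor and the five-minute margin are assumptions.

```java
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityException;
import software.amazon.awssdk.services.cognitoidentity.model.Credentials;
import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityRequest;

import java.time.Duration;
import java.time.Instant;

// Added example: class name, method name and the margin below are hypothetical.
public class IdentityCredentials {

    // Assumed safety margin: reject credentials that expire sooner than this.
    private static final Duration MIN_REMAINING = Duration.ofMinutes(5);

    public static StaticCredentialsProvider providerFor(CognitoIdentityClient client, String identityId) {
        Credentials creds = client.getCredentialsForIdentity(
            GetCredentialsForIdentityRequest.builder().identityId(identityId).build()
        ).credentials();

        Instant expiry = creds.expiration();
        if (expiry == null || expiry.isBefore(Instant.now().plus(MIN_REMAINING))) {
            throw new IllegalStateException("Credentials for " + identityId + " expire too soon: " + expiry);
        }
        // Log only non-secret fields; the secret key and session token stay out of logs.
        System.out.println("Access key ID " + creds.accessKeyId() + " valid until " + expiry);

        // Temporary credentials need all three parts, including the session token.
        return StaticCredentialsProvider.create(
            AwsSessionCredentials.create(creds.accessKeyId(), creds.secretKey(), creds.sessionToken()));
    }

    public static void main(String[] args) {
        // args[0] is an identity ID from your own identity pool.
        try (CognitoIdentityClient client = CognitoIdentityClient.create()) {
            StaticCredentialsProvider provider = providerFor(client, args[0]);
            // Pass the provider to another client builder's credentialsProvider(...) method.
            System.out.println("Provider ready: " + provider.getClass().getSimpleName());
        } catch (CognitoIdentityException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }
}
```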
For more information, see the Amazon Cognito Developer Guide.