Menu
I want to test custom user authorization with Cognito and do it from a simple java code. The problem is, the CognitoCachingCredentialsProvider requires an Android ApplicationContext and won't accept a null.
The whole flow is supposed to go like this:
Is there something I'm missing or do I just have the whole concept wrong? Any good tutorials on this? I've already went through every possible documentation on AWS but I find it really hard to wrap my head around it and there is not a single material on plain Java, only Android.
990
asked Oct 06 '15 13:10
Configure the external provider in the Amazon Cognito console. Choose Manage Identity Pools from the Amazon Cognito console home page : Choose the name of the identity pool where you want to enable Login with Amazon as an external provider. The Dashboard page for your identity pool appears.
AWS Cognito User Pool will send verification code by email or sms and the user enters the code to get verified with the User Pool. User enters username and password and logs in with Cognito User Pool in which case a token will be provided by Cognito upon successful login.
Amazon Cognito allows you to use groups to create a collection of users, which is often done to set the permissions for those users. In this post, I show you how to build fine-grained authorization to protect your APIs using Amazon Cognito, API Gateway, and AWS Identity and Access Management (IAM).
Generally Amazon Cognito is used from "untrusted" clients like mobile and JavaScript apps to vend temporary AWS Credentials directly to the end user. Since the most common Java client-side apps we see are Android apps, our guides focus on Android rather than plain Java, but the same process will work with the Java SDK.
When using Amazon Cognito's Developer Authenticated Identities feature as you mentioned you are doing, you'll get an OpenID Connect token back from the call to Amazon Cognito's GetOpenIdTokenForDeveloperIdentity on your backend (lambda) function. Your backend should provide that token to the client application after successfully authenticating the user.
Then the client-side application needs to make a call to Cognito's GetCredentialsForIdentity API (Java docs) passing in the token from the Server Side step above to get AWS Session Credentials as a Credentials object in the Java SDK. With these session credentials (which are effectively credentials from the AWS Security Token Service/STS), create a BasicSessionCredentials object, passing it the session credentials and session token as described under Explicitly Specifying Credentials in the Java SDK developer guide.
140
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
