AWSCognitoIdentityProvider Method Example for Cognito User Pools API using Java

The Amazon Cognito User Pools API lets you create a user pool, a managed user directory, and authenticate users against it. A successful authentication returns tokens that carry the user's identity and the claims your access policies evaluate.

This article walks through the AdminInitiateAuth operation of the Amazon Cognito User Pools API, using the AWS SDK for Java.

AdminInitiateAuth

Initiates the authentication flow, as an administrator.

Calling this action requires developer (IAM) credentials that are allowed the cognito-idp:AdminInitiateAuth action. It is therefore a server-side call: never embed those IAM credentials in a mobile or browser app, which should use the unauthenticated InitiateAuth operation instead.

Request Syntax
{
    "AnalyticsMetadata": {
        "AnalyticsEndpointId": "string"
    },
    "AuthFlow": "string",
    "AuthParameters": {
        "string" : "string"
    },
    "ClientId": "string",
    "ClientMetadata": {
        "string" : "string"
    },
    "ContextData": {
        "EncodedData": "string",
        "HttpHeaders": [
            {
                "headerName": "string",
                "headerValue": "string"
            }
        ],
        "IpAddress": "string",
        "ServerName": "string",
        "ServerPath": "string"
    },
    "UserPoolId": "string"
}

AuthFlow The authentication flow for this call to execute. The API action will depend on this value.

REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.

USER_SRP_AUTH will take in USERNAME and SRP_A and return the SRP variables to be used for next challenge execution.

USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the next challenge or tokens.

Valid values include:

USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.

REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.

CUSTOM_AUTH: Custom authentication flow.

ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly if the flow is enabled for calling the app client.

USER_PASSWORD_AUTH: Non-SRP authentication flow; USERNAME and PASSWORD are passed directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambda if the USERNAME is not found in the user pool.

ADMIN_USER_PASSWORD_AUTH: Admin-based user password authentication. This replaces the ADMIN_NO_SRP_AUTH authentication flow. In this flow, Cognito receives the password in the request instead of using the SRP process to verify passwords.

Valid Values: USER_SRP_AUTH | REFRESH_TOKEN_AUTH | REFRESH_TOKEN | CUSTOM_AUTH | ADMIN_NO_SRP_AUTH | USER_PASSWORD_AUTH | ADMIN_USER_PASSWORD_AUTH

AuthParameters The authentication parameters. These are inputs corresponding to the AuthFlow that you are invoking. The required values depend on the value of AuthFlow:

For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

For ADMIN_NO_SRP_AUTH and ADMIN_USER_PASSWORD_AUTH: USERNAME (required), PASSWORD (required), SECRET_HASH (if app client is configured with client secret), DEVICE_KEY.

For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), DEVICE_KEY. To start the authentication flow with password verification, include ChallengeName: SRP_A and SRP_A: (The SRP_A Value).

ClientId The app client ID.
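SECRET_HASH appears in every flow above but the text does not say how it is built. It is the Base64 encoding of an HMAC-SHA256 over the username concatenated with the app client ID, keyed with the app client secret. The following is an added example, not code from the article or from AWS, that computes the hash and assembles the AuthParameters map for the ADMIN_USER_PASSWORD_AUTH and REFRESH_TOKEN_AUTH flows. The class and method names and the sample client ID, secret and token are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class CognitoAuthParams {

    /**
     * SECRET_HASH = Base64( HMAC-SHA256( key = clientSecret, message = username + clientId ) ).
     * Cognito requires it in AuthParameters whenever the app client has a client secret.
     */
    public static String secretHash(String clientSecret, String clientId, String username) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
            byte[] digest = mac.doFinal((username + clientId).getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("HmacSHA256 is unavailable in this JVM", e);
        }
    }

    /** AuthParameters for ADMIN_USER_PASSWORD_AUTH (the same keys serve ADMIN_NO_SRP_AUTH). */
    public static Map<String, String> passwordParams(String username, String password,
                                                     String clientId, String clientSecret) {
        Map<String, String> p = new HashMap<>();
        p.put("USERNAME", username);
        p.put("PASSWORD", password);
        if (clientSecret != null) {                       // null = app client has no secret
            p.put("SECRET_HASH", secretHash(clientSecret, clientId, username));
        }
        return p;
    }

    /** AuthParameters for REFRESH_TOKEN_AUTH / REFRESH_TOKEN. */
    public static Map<String, String> refreshParams(String refreshToken, String username,
                                                    String clientId, String clientSecret) {
        Map<String, String> p = new HashMap<>();
        p.put("REFRESH_TOKEN", refreshToken);
        if (clientSecret != null) {
            // The hash is still over username + clientId; the refresh token is not part of it.
            p.put("SECRET_HASH", secretHash(clientSecret, clientId, username));
        }
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample values for illustration only; not real Cognito identifiers.
        String clientId = "exampleclientid1234567890";
        String clientSecret = "example-client-secret-do-not-hardcode-in-production";
        System.out.println(passwordParams("alice", "Tmp-Passw0rd!", clientId, clientSecret));
        System.out.println(refreshParams("constructed-refresh-token", "alice", clientId, null));
    }
}
```

For the refresh flow the username fed into the hash must be the user's user pool username (the cognito:username claim of the ID token), not an alias such as an email address, or Cognito rejects the SECRET_HASH. Keep the client secret on the server with the IAM credentials; a client that holds the secret can mint a valid hash for any username.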

The Java code for this call follows. The app client must have ADMIN_USER_PASSWORD_AUTH enabled (ALLOW_ADMIN_USER_PASSWORD_AUTH in its explicit auth flows), otherwise Cognito rejects the request.

Maven dependency

<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-core</artifactId>
    <version>1.11.764</version>
</dependency>
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-cognitoidp</artifactId>
    <version>1.11.764</version>
</dependency>
<!-- aws-java-sdk-cognitoidp already depends on aws-java-sdk-core. Do not also add the
     full aws-java-sdk bundle at a different version (the original listed 1.11.360):
     mixing SDK versions on the classpath causes NoSuchMethodError-style failures at
     runtime and pulls in every AWS service client you do not use. -->

Build the cognitoClient instance. Do not embed the access key and secret key in source: let the default credentials provider chain read them from the environment, the shared credentials file, or the IAM role of the instance or container.

import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;

public static AWSCognitoIdentityProvider getAWSCognitoIdentityClient() {
    // The original set aws.accessKeyId / aws.secretKey as system properties from
    // literals in the code. Hard-coded keys leak through source control and builds;
    // the default chain picks up env vars, ~/.aws/credentials or an IAM role instead.
    AWSCognitoIdentityProvider cognitoClient = AWSCognitoIdentityProviderClientBuilder.standard()
            .withRegion(Regions.AP_SOUTH_1)
            .withCredentials(new DefaultAWSCredentialsProviderChain())
            .build();
    return cognitoClient;   // the original returned an undeclared variable 'client'
}

import java.util.HashMap;
import java.util.Map;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthRequest;
import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthResult;
import com.amazonaws.services.cognitoidp.model.AuthFlowType;

String userPoolId = "-- your user pool id --";
String clientId = "-- your app client id --";

try {
    AWSCognitoIdentityProvider client = getAWSCognitoIdentityClient();
    final Map<String, String> authParams = new HashMap<>();
    authParams.put("USERNAME", "username");
    authParams.put("PASSWORD", "password");
    // Add SECRET_HASH here if the app client is configured with a client secret.
    final AdminInitiateAuthRequest initiateAuthRequest = new AdminInitiateAuthRequest()
            .withClientId(clientId)
            .withUserPoolId(userPoolId)
            .withAuthFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
            .withAuthParameters(authParams);
    final AdminInitiateAuthResult result = client.adminInitiateAuth(initiateAuthRequest);
    if (result.getChallengeName() != null) {
        // No tokens yet: Cognito wants a challenge answered first (e.g. NEW_PASSWORD_REQUIRED).
        System.out.println("Challenge required: " + result.getChallengeName());
    } else {
        // The tokens are bearer credentials; log their metadata, never the token strings.
        System.out.println("Token type: " + result.getAuthenticationResult().getTokenType()
                + ", expires in " + result.getAuthenticationResult().getExpiresIn() + "s");
    }
} catch (Exception e) {
    e.printStackTrace();
}

Response Syntax
{
    "AuthenticationResult": {
        "AccessToken": "string",
        "ExpiresIn": number,
        "IdToken": "string",
        "NewDeviceMetadata": {
            "DeviceGroupKey": "string",
            "DeviceKey": "string"
        },
        "RefreshToken": "string",
        "TokenType": "string"
    },
    "ChallengeName": "string",
    "ChallengeParameters": {
        "string" : "string"
    },
    "Session": "string"
}
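The response carries either AuthenticationResult (tokens) or ChallengeName plus Session, never both. When a challenge comes back, the caller must answer it with AdminRespondToAuthChallenge and echo the Session string so that Cognito can tie the answer to this attempt. The following added example, which is not code from the article or from AWS, runs ADMIN_USER_PASSWORD_AUTH and handles the common NEW_PASSWORD_REQUIRED challenge that a user created with a temporary password receives. The class name, method names, placeholders and sample passwords are assumptions; a real pool, an app client with ALLOW_ADMIN_USER_PASSWORD_AUTH, and IAM credentials from the default provider chain are needed to run it.

```java
import java.util.HashMap;
import java.util.Map;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;
import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthRequest;
import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthResult;
import com.amazonaws.services.cognitoidp.model.AdminRespondToAuthChallengeRequest;
import com.amazonaws.services.cognitoidp.model.AdminRespondToAuthChallengeResult;
import com.amazonaws.services.cognitoidp.model.AuthFlowType;
import com.amazonaws.services.cognitoidp.model.AuthenticationResultType;
import com.amazonaws.services.cognitoidp.model.ChallengeNameType;
import com.amazonaws.services.cognitoidp.model.NotAuthorizedException;
import com.amazonaws.services.cognitoidp.model.UserNotFoundException;

public class AdminAuthFlow {

    /**
     * Authenticates with ADMIN_USER_PASSWORD_AUTH and returns the tokens. If Cognito
     * answers with NEW_PASSWORD_REQUIRED, the challenge is completed with newPassword.
     * Any other challenge (MFA, custom) is surfaced to the caller instead of guessed at.
     */
    public static AuthenticationResultType authenticate(AWSCognitoIdentityProvider client,
            String userPoolId, String clientId, String username, String password,
            String newPassword) {
        Map<String, String> authParams = new HashMap<>();
        authParams.put("USERNAME", username);
        authParams.put("PASSWORD", password);
        // If the app client has a secret, add SECRET_HASH here and to the challenge responses.

        AdminInitiateAuthResult init = client.adminInitiateAuth(new AdminInitiateAuthRequest()
                .withUserPoolId(userPoolId)
                .withClientId(clientId)
                .withAuthFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
                .withAuthParameters(authParams));

        if (init.getChallengeName() == null) {
            return init.getAuthenticationResult();          // tokens issued directly
        }
        if (!ChallengeNameType.NEW_PASSWORD_REQUIRED.toString().equals(init.getChallengeName())) {
            throw new IllegalStateException("Unhandled challenge: " + init.getChallengeName());
        }

        Map<String, String> responses = new HashMap<>();
        responses.put("USERNAME", username);
        responses.put("NEW_PASSWORD", newPassword);
        AdminRespondToAuthChallengeResult resp = client.adminRespondToAuthChallenge(
                new AdminRespondToAuthChallengeRequest()
                        .withUserPoolId(userPoolId)
                        .withClientId(clientId)
                        .withChallengeName(ChallengeNameType.NEW_PASSWORD_REQUIRED)
                        .withChallengeResponses(responses)
                        .withSession(init.getSession()));    // binds the answer to this attempt
        if (resp.getChallengeName() != null) {
            throw new IllegalStateException("Further challenge: " + resp.getChallengeName());
        }
        return resp.getAuthenticationResult();
    }

    public static void main(String[] args) {
        // Region and IAM credentials come from the default provider chain, not from source.
        AWSCognitoIdentityProvider client = AWSCognitoIdentityProviderClientBuilder.defaultClient();
        try {
            AuthenticationResultType tokens = authenticate(client,
                    "-- your user pool id --", "-- your app client id --",
                    "alice", "Temp-Passw0rd!", "N3w-Str0ng-Passw0rd!");   // constructed sample values
            // Tokens are bearer credentials: log metadata only, never the token strings.
            System.out.println("Got " + tokens.getTokenType() + " token, expires in "
                    + tokens.getExpiresIn() + "s; id token present: " + (tokens.getIdToken() != null));
        } catch (NotAuthorizedException | UserNotFoundException e) {
            // One generic message for both, so callers cannot enumerate valid usernames.
            System.out.println("Authentication failed");
        }
    }
}
```

Whether Cognito ever raises UserNotFoundException depends on the app client's PreventUserExistenceErrors setting; catching both exceptions and returning one generic message keeps the server's behaviour uniform either way. The Session string is single-use and short-lived, so a stale or replayed one is rejected.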

For more information, see the AdminInitiateAuth API reference.

In this article, we have seen AWSCognitoIdentityProvider Method Example for Cognito User Pools API using Java. All source code in the article can be found in the GitHub repository.