AWS Mobile
Developer Guide

Add Authentication to the Notes App

In the previous section of this tutorial, we created a mobile backend project in AWS Mobile Hub, then added analytics to the sample note-taking app. This section assumes you have completed those steps. If you jumped to this step, please go back and start from the beginning. In this tutorial, we will configure a sign-up / sign-in flow in our mobile backend. We will then add a new authentication activity to our note-taking app.

You should be able to complete this section of the tutorial in 20-30 minutes.

Set Up Your Backend

Before we work on the client-side code, we need to add User Sign-in to the backend project:

  1. Open the AWS Mobile Hub console.

  2. Select your project.

  3. Scroll down to the Add More Backend Features section.

  4. Choose the User Sign-in tile.

  5. Choose Email and Password.

  6. Select the Username radio button and the Phone checkbox under it.

  7. Select Required for Multi-factor authentication.

  8. At the bottom of the page, set the Require user sign-in? switch to YES.

    What does this do?

    You have just created your own user pool in the Amazon Cognito service. When used in conjunction with the AWS Mobile sign-in process, the user pool enforces the password requirement rules you chose. It also supports sign-up and forgot my password user flows.

  9. Choose your project name in the upper left and then choose Integrate on your Android app card.

  10. Choose Download Cloud Config to get an awsconfiguration.json file updated with the new services.

  11. Choose Next and then choose Done.


Whenever you update the AWS Mobile Hub project, a new AWS configuration file for your app is generated.

Connect to Your Backend

Replace the awsconfiguration.json file in app/src/main/res/raw directory with the updated version.


Your system may have modified the filename to avoid conflicts. Make sure the file you add to your Xcode project is named awsconfiguration.json.

Add the Authentication UI Library

  1. Open the app/build.gradle file and add the following lines to the dependencies section:

    dependencies { compile fileTree(dir: 'libs', include: ['*.jar']) implementation '' implementation '' implementation '' implementation '' implementation '' implementation '' implementation '' implementation 'joda-time:joda-time:2.9.9' //AWS Mobile SDK for Android implementation 'com.amazonaws:aws-android-sdk-core:2.6.+' implementation 'com.amazonaws:aws-android-sdk-auth-core:2.6.+@aar' implementation 'com.amazonaws:aws-android-sdk-auth-ui:2.6.+@aar' implementation 'com.amazonaws:aws-android-sdk-auth-userpools:2.6.+@aar' implementation 'com.amazonaws:aws-android-sdk-cognitoidentityprovider:2.6.+' implementation 'com.amazonaws:aws-android-sdk-pinpoint:2.6.+' }
  2. Choose Sync Now on the upper right to incorporate the dependencies you just declared.

Register the Email and Password Sign-in Provider

The sign-in UI is provided by IdentityManager. Each method of establishing identity (email and password, Facebook and Google) requires a plug-in provider that handles the appropriate sign-in flow.

  1. Open your project in Android Studio.

  2. Open the class.

  3. Add the following to the import declarations:

    import com.amazonaws.auth.AWSCredentialsProvider; import; import; import; import com.amazonaws.mobileconnectors.pinpoint.PinpointConfiguration; import com.amazonaws.mobileconnectors.pinpoint.PinpointManager;
  4. Adjust the constructor to add the CognitoUserPoolsSignInProvider.

    private AWSProvider(Context context) { this.context = context; this.awsConfiguration = new AWSConfiguration(context); IdentityManager identityManager = new IdentityManager(context, awsConfiguration); IdentityManager.setDefaultIdentityManager(identityManager); identityManager.addSignInProvider(CognitoUserPoolsSignInProvider.class); }

Add a AuthenticatorActivity to the project

You can call the IdentityProvider at any point in your application. In this tutorial, we will add a new screen to the project that is displayed before the list. The user will be prompted to sign-up or sign-in prior to seeing the list of notes. This ensures that all connections to the backend will be authenticated.

To add a AuthenticatorActivity to the project, in Android Studio

  1. Right-click the folder.

  2. Choose New > Activity > Empty Activity.

  3. Type AuthenticatorActivity as the Activity Name.

  4. Choose Finish.

Edit the onCreate() method of as follows:

@Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_authenticator); final IdentityManager identityManager = AWSProvider.getInstance().getIdentityManager(); // Set up the callbacks to handle the authentication response identityManager.login(this, new DefaultSignInResultHandler() { @Override public void onSuccess(Activity activity, IdentityProvider identityProvider) { Toast.makeText(AuthenticatorActivity.this, String.format("Logged in as %s", identityManager.getCachedUserID()), Toast.LENGTH_LONG).show(); // Go to the main activity final Intent intent = new Intent(activity, NoteListActivity.class) .setFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP); activity.startActivity(intent); activity.finish(); } @Override public boolean onCancel(Activity activity) { return false; } }); // Start the authentication UI AuthUIConfiguration config = new AuthUIConfiguration.Builder() .userPools(true) .build(); SignInActivity.startSignInActivity(this, config); AuthenticatorActivity.this.finish(); }

What does this do?

The AWS SDK for Android contains an in-built activity for handling the authentication UI. This Activity sets up the authentication UI to work for just email and password, then sets up an activity listener to handle the response. In this case, we transition to the NoteListActivity when a successful sign-in occurs, and stay on this activity when it fails. Finally, we transition to the Sign-In activity from the AWS SDK for Android library.

Update the AndroidManifest.xml

The AuthenticatorActivity will be added to the AndroidManifest.xml automatically, but it will not be set as the default (starting) activity. To make the AuthenticatorActivity primary, edit the AndroidManifest.xml:

<activity android:name=".AuthenticatorActivity" android:label="Sign In" android:theme="@style/AppTheme.NoActionBar"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity> <activity android:name=".NoteListActivity" android:label="@string/app_name" android:theme="@style/AppTheme.NoActionBar"> <!-- Remove the intent-filter from here --> </activity>

The .AuthenticatorActivity section is added at the end. Ensure it is not duplicated. You will see build errors if the section is duplicated.

Run the project and validate results

Run in the emulator using Run > Run 'app'. You should see a sign-in screen. Choose the Create new account button to create a new account. Once the information is submitted, you will be sent a confirmation code via email. Enter the confirmation code to complete registration, then sign-in with your new account.


Use Amazon WorkMail as a test email account

If you do not want to use your own email account as a test account, create an Amazon WorkMail service within AWS for test accounts. You can get started for free with a 30-day trial for up to 25 accounts.

            Demo of Notes tutorial app with user sign-in added.

Next steps