Amazon Cognito
Developer Guide

Example: Migrating Android Users with a Lambda Trigger

A user migration Lambda trigger allows easy migration of users from your existing user management system into your user pool without a password reset.

Set Up a User Migration Lambda Trigger

Before making changes in your Android app, set up a user migration Lambda for your user pool.

To learn more about Lambda triggers see Customizing User Pool Workflows with Lambda Triggers.

For more information about migrating users with a Lambda trigger see Importing Users into User Pools With a User Migration Lambda Trigger.

Android App Changes

Update your AWSCognitoIdentityProvider Android SDK to version 2.6.15 or above.

Authentication Flow for User Migration

You can authenticate your users and validate their passwords against your legacy system and seamlessly migrate their profiles into your user pool. However, the service needs the legacy password to avoid a password reset.

The default authentication flow in the SDK implements the secure remote password (SRP) protocol where no password is actually sent over the wire. To enable user migration on your app, use the USER_PASSWORD authentication flow which sends your password to the service over an encrypted SSL connection during authentication. After user migration, use the default SRP authentication flow.

Set the authentication type to USER_PASSWORD.


The authentication type is set in the getAuthenticationDetails() callback handler.

AuthenticationHandler authenticationHandler = new AuthenticationHandler() { @Override public void onSuccess(CognitoUserSession cognitoUserSession, CognitoDevice device) { // Successful authentication. } @Override public void getAuthenticationDetails(AuthenticationContinuation authContinuation, String username) { // Get user password. String password = getUserPassword(); // Add user credentials to Authentication Details. AuthenticationDetails authenticationDetails = new AuthenticationDetails(username, password, validationData); // Set the authentication type to use USER_PASSWORD flow. authenticationDetails.setAuthenticationType("USER_PASSWORD"); // Continue with authentication. authContinuation.setAuthenticationDetails(authenticationDetails); authContinuation.continueTask(); } @Override public void getMFACode(MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation) { // ... } @Override public void onFailure(Exception e) { // ... } @Override public void authenticationChallenge(ChallengeContinuation continuation) { // ... } };