Working with Amazon Cognito - AWS SDK for Java


Working with Amazon Cognito

With Amazon Cognito, you can quickly add user sign-up or sign-in capability to your web or mobile app. The examples here demonstrate some of the basic functionality of Amazon Cognito.

Create a user pool

A user pool is a directory of users that you can configure for your web or mobile app.

To create a user pool, start by building a CreateUserPoolRequest object, with the name of the user pool as the value of its poolName(). Call the createUserPool() method of your CognitoIdentityProviderClient, passing in the CreateUserPoolRequest object. You can capture the result of this request as a CreateUserPoolResponse object, as demonstrated in the following code snippet.

Imports

import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolResponse;

Code

    public static String createPool(CognitoIdentityProviderClient cognitoClient, String userPoolName) {

        try {
            CreateUserPoolResponse response = cognitoClient.createUserPool(
                CreateUserPoolRequest.builder()
                    .poolName(userPoolName)
                    .build()
            );
            // The pool ID is what later calls (such as creating an app client) refer to.
            return response.userPool().id();

        } catch (CognitoIdentityProviderException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
        return "";
    }

See the complete example on GitHub.

List user pools

To list your user pools, start by building a ListUserPoolsRequest object, with the maximum number of results as the value of its maxResults(). Call the listUserPools() method of your CognitoIdentityProviderClient, passing in the ListUserPoolsRequest object. You can capture the result of this request as a ListUserPoolsResponse object, as demonstrated in the following code snippet. Each entry in the response is a UserPoolDescriptionType object, which you can iterate over to pull out the attributes of each user pool.

Imports

import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;

Code

    public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) {

        try {
            ListUserPoolsRequest request = ListUserPoolsRequest.builder()
                .maxResults(10)
                .build();

            ListUserPoolsResponse response = cognitoClient.listUserPools(request);
            // Each element is a UserPoolDescriptionType; id() is the user pool ID.
            response.userPools().forEach(userpool -> {
                System.out.println("User pool " + userpool.name() + ", User pool ID " + userpool.id());
            });

        } catch (CognitoIdentityProviderException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }

See the complete example on GitHub.

Create an identity pool

An identity pool is a container that organizes the IDs from your external identity provider, keeping a unique identifier for each user. To create an identity pool, start by building a CreateIdentityPoolRequest with the name of the identity pool as the value of its identityPoolName(). Set allowUnauthenticatedIdentities() to true or false. When it is true, the pool issues identities, and through them temporary AWS credentials for the pool's unauthenticated role, to callers who have not signed in, so leave it false unless your app needs guest access. Call the createIdentityPool() method of your CognitoIdentityClient object, passing in the CreateIdentityPoolRequest object. You can capture the result of this request as a CreateIdentityPoolResponse object, as demonstrated in the following code snippet.

Imports

import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityException;
import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolRequest;
import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolResponse;

Code

    public static String createIdPool(CognitoIdentityClient cognitoClient, String identityPoolName) {

        try {
            CreateIdentityPoolRequest poolRequest = CreateIdentityPoolRequest.builder()
                .allowUnauthenticatedIdentities(false) // no guest (unauthenticated) identities
                .identityPoolName(identityPoolName)
                .build();

            CreateIdentityPoolResponse response = cognitoClient.createIdentityPool(poolRequest);
            return response.identityPoolId();

        // CognitoIdentityClient reports service errors as CognitoIdentityException.
        } catch (CognitoIdentityException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
        return "";
    }

See the complete example on GitHub.

Add an app client

To enable the hosted web sign-up or sign-in UI for your app, create an app client. To create an app client, start by building a CreateUserPoolClientRequest object, with the name of the client as the value of its clientName(). Set userPoolId() to the ID of the user pool to which you want to attach this app client. Call the createUserPoolClient() method of your CognitoIdentityProviderClient, passing in the CreateUserPoolClientRequest object. You can capture the result of this request as a CreateUserPoolClientResponse object, as demonstrated in the following code snippet.

Imports

import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientResponse;

Code

    public static void createPoolClient(CognitoIdentityProviderClient cognitoClient,
                                        String clientName,
                                        String userPoolId) {

        try {
            CreateUserPoolClientResponse response = cognitoClient.createUserPoolClient(
                CreateUserPoolClientRequest.builder()
                    .clientName(clientName)
                    .userPoolId(userPoolId)
                    .build()
            );

            // The response describes the new app client, not the user pool.
            System.out.println("App client " + response.userPoolClient().clientName()
                + " created. ID: " + response.userPoolClient().clientId());

        } catch (CognitoIdentityProviderException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }

See the complete example on GitHub.

Add a third-party identity provider

Adding an external identity provider (IdP) enables your users to log into your app using that service’s login mechanism. To add a third-party IdP, start by building an UpdateIdentityPoolRequest object, with the name of the identity pool as the value of its identityPoolName(). Set allowUnauthenticatedIdentities() to true or false, specify the identityPoolId(), and define which login providers will be supported with supportedLoginProviders(). Call the updateIdentityPool() method of your CognitoIdentityClient, passing in the UpdateIdentityPoolRequest object. You can capture the result of this request as an UpdateIdentityPoolResponse object, as demonstrated in the following code snippet.

Imports

import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityProvider;
import software.amazon.awssdk.services.cognitoidentity.model.UpdateIdentityPoolRequest;
import software.amazon.awssdk.services.cognitoidentity.model.UpdateIdentityPoolResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import java.util.ArrayList;
import java.util.List;
// Needed by the createNewUser snippet below, which uses the user pool client:
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminCreateUserRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminCreateUserResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType;

Code

    // Creates a user in a user pool with AdminCreateUser.
    public static void createNewUser(CognitoIdentityProviderClient cognitoClient,
                                     String userPoolId,
                                     String name,
                                     String email,
                                     String password) {

        try {
            AttributeType userAttrs = AttributeType.builder()
                .name("email")
                .value(email)
                .build();

            AdminCreateUserRequest userRequest = AdminCreateUserRequest.builder()
                .userPoolId(userPoolId)
                .username(name)
                .temporaryPassword(password)
                .userAttributes(userAttrs)
                .messageAction("SUPPRESS") // do not send the invitation message
                .build();

            AdminCreateUserResponse response = cognitoClient.adminCreateUser(userRequest);
            System.out.println("User " + response.user().username()
                + " is created. Status: " + response.user().userStatus());

        } catch (CognitoIdentityProviderException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }

See the complete example on GitHub.

Get credentials for an ID

To get the credentials for an identity in an identity pool, first build a GetCredentialsForIdentityRequest with the identity ID as the value of its identityId(). Call the getCredentialsForIdentity() method of your CognitoIdentityClient, passing in the GetCredentialsForIdentityRequest. You can capture the result of this request as a GetCredentialsForIdentityResponse object, as demonstrated in the following code snippet.

Imports

import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityException;
import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityResponse;

Code

    public static void getCredsForIdentity(CognitoIdentityClient cognitoClient, String identityId) {

        try {
            GetCredentialsForIdentityRequest getCredentialsForIdentityRequest =
                GetCredentialsForIdentityRequest.builder()
                    .identityId(identityId)
                    .build();

            GetCredentialsForIdentityResponse response =
                cognitoClient.getCredentialsForIdentity(getCredentialsForIdentityRequest);
            // Only the access key ID is printed; the secret key and session token are not logged.
            System.out.println("Identity ID " + response.identityId()
                + ", Access key ID " + response.credentials().accessKeyId());

        // CognitoIdentityClient reports service errors as CognitoIdentityException.
        } catch (CognitoIdentityException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
            System.exit(1);
        }
    }

See the complete example on GitHub.

For more information, see the Amazon Cognito Developer Guide.