Amazon Cognito is a highly scalable, low-cost, cloud-based identity and access management service that can be integrated with virtually any web or mobile app. In this tutorial I will show you how to integrate Amazon Cognito into your Spring Boot application.
In this post, we’ll look at how to use Amazon Cognito for user authentication in a Spring Boot application. But first, let’s take a look at Amazon Cognito. According to the official Amazon Web Services website:
Amazon Cognito allows you to quickly and simply add user sign-up, sign-in, and access management to your online and mobile applications. Amazon Cognito enables sign-in with social identity providers such as Apple, Facebook, Google, and Amazon, as well as business identity providers through SAML 2.0 and OpenID Connect, and scalable to millions of users.
So focus your time building fantastic applications and leave authentication to Amazon Cognito.
We’ll set up Amazon Cognito in our AWS account first, and then connect it with our Spring Boot application in this tutorial. So let’s get our hands dirty and dig right into the process!
Configuration of Amazon Cognito
Go to the Services tab after logging in to the AWS Management Console. It lists all AWS services. Select Cognito, then go to Manage User Pools. This is what you will see after that.
Make a User Pool
We don’t have any user pools right now. The following page appears once you click Create User Pool. Here we can configure Amazon Cognito to meet the Spring Boot application’s needs. To begin, enter the pool’s name as indicated in the image. We’ve set it to TestUserPool in our instance.
In the Attributes section, you choose how users sign in: with their email address, phone number, username, or preferred username, together with a password. We’ve kept the default settings here, which means that an email address will be needed to sign up.
Policies such as Password Strength, User Creation, and Temporary Password Expiration may all be defined under the Policies section. For the time being, we’ll leave everything default.
Now, as seen in the image, navigate to the App Client area and click on Add an app client.
Now enter the app client’s name. Along with Auth Flows Configuration and Security Configuration, you can set the Refresh token expiration, Access token expiration, and ID token expiration times. We’ll leave all of these settings at their defaults and select Create app client. After the app client is created, you will be issued a unique ID and a secret key that give access to this user pool.
Now go to the Review area and select Create pool after checking the settings.
In the left pane, after you’ve created the pool, you’ll see some further choices to set. Create a user by going to the Users and Groups section and clicking the Create user button. As you can see, we haven’t yet generated any users for our Spring Boot application.
Now enter the User’s information, including Username, Temporary Password, Phone Number, and Email. Uncheck Send this new user an invitation, then click Create user.
Go to the App Clients area in the left pane. You can see the App client id here, which we’ll need to configure our Spring Boot application later. You can also view the App client secret after choosing Show information; we’ll need it as well when configuring our Spring Boot application.
Go to the App client settings under App Integration in the left pane and select Enable Identity Providers. Provide the Callback URL, select Authorization code grant under Allowed OAuth Flows and openid under Allowed OAuth Scopes, then click Save changes.
Now, in the left pane, go to the Domain name area and add a domain prefix for the Amazon Cognito-hosted sign-up and sign-in pages, and then click Save changes.
With this, we’ve completed our Amazon Cognito configuration. We’ll now go to our Spring Boot application.
Spring Boot Application with Amazon Cognito Integration
This is the file application.properties. Take note of the following details.
- client-id is the App client id shown in App Clients under General settings.
- client-secret is the App client secret shown in App Clients under General settings.
- redirect-uri is the Callback URL entered in App client settings under App integration.
- clientName is the name you gave the app client when you created it. It can be found in App Clients under General settings.
- The region in issuerUri is the AWS region in which you are working. It’s shown under General settings.
- The Pool Id in issuerUri is the Pool Id value shown under General settings.
    spring.security.oauth2.client.registration.cognito.client-id = xxxxxxxxxxxxxxxxxxxxxxxxxx
    spring.security.oauth2.client.registration.cognito.client-secret = xxxxxxxxxxxxxxxxxxxxxxxxxx
    spring.security.oauth2.client.registration.cognito.scope = openid
    spring.security.oauth2.client.registration.cognito.redirect-uri = http://localhost:8080/login/oauth2/code/cognito
    spring.security.oauth2.client.registration.cognito.clientName = AWSCognitoSpringBootApp
    spring.security.oauth2.client.provider.cognito.issuerUri = https://cognito-idp.{region}.amazonaws.com/{Pool Id}
    spring.security.oauth2.client.provider.cognito.user-name-attribute = cognito:username
This is the Spring Boot Application’s pom.xml, which includes all of the required dependencies.
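    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>2.5.6</version>
        </parent>
        <groupId>com.library</groupId>
        <artifactId>aws-cognito</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <name>aws-cognito</name>
        <properties>
            <java.version>11</java.version>
        </properties>
        <dependencies>
            <!-- WebSecurityConfigurerAdapter and WebMvcConfigurer, used by the
                 configuration classes below, come from these two starters -->
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-web</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-thymeleaf</artifactId>
            </dependency>
            <dependency>
                <groupId>org.thymeleaf.extras</groupId>
                <artifactId>thymeleaf-extras-springsecurity5</artifactId>
            </dependency>
            <!-- OAuth 2.0 / OpenID Connect login and ID token (JWT) handling -->
            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-oauth2-client</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-oauth2-jose</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-test</artifactId>
                <scope>test</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-test</artifactId>
                <scope>test</scope>
            </dependency>
        </dependencies>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-maven-plugin</artifactId>
                </plugin>
            </plugins>
        </build>
    </project>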
The security configuration file is as follows.
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf()                               // keep CSRF protection enabled
                .and()
                .authorizeRequests(authz -> authz.mvcMatchers("/")
                    .permitAll()                      // the home page is public
                    .anyRequest()
                    .authenticated())                 // everything else requires login
                .oauth2Login()                        // log in through the Cognito registration
                .and()
                .logout()
                .logoutSuccessUrl("/");               // return to the home page after logout
        }
    }
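Note that logout().logoutSuccessUrl("/") ends only the local Spring session: the Cognito hosted UI keeps its own session, so the next Login click can sign the same user back in without a password prompt. The handler below is an added example, not part of the original tutorial, that sends the browser to the hosted UI's /logout endpoint instead. The class name and the cognito.domain and cognito.logout-uri properties are assumptions; the logout URI must match a Sign out URL registered in App client settings.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.stereotype.Component;
import org.springframework.web.util.UriComponentsBuilder;

// Added example: the class name and both cognito.* properties are hypothetical.
@Component
public class CognitoLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

    private final String hostedUiBaseUrl; // https://<domain-prefix>.auth.<region>.amazoncognito.com
    private final String logoutUri;       // must match a registered Sign out URL exactly
    private final String clientId;

    public CognitoLogoutSuccessHandler(
            @Value("${cognito.domain}") String hostedUiBaseUrl,
            @Value("${cognito.logout-uri}") String logoutUri,
            ClientRegistrationRepository registrations) {
        this.hostedUiBaseUrl = hostedUiBaseUrl;
        this.logoutUri = logoutUri;
        // "cognito" is the registration id used in application.properties.
        this.clientId = registrations.findByRegistrationId("cognito").getClientId();
    }

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        // Build the target from fixed configuration only, never from request
        // parameters, so the logout redirect cannot become an open redirect.
        return UriComponentsBuilder.fromHttpUrl(hostedUiBaseUrl)
                .path("/logout")
                .queryParam("client_id", clientId)
                .queryParam("logout_uri", logoutUri)
                .encode()
                .build()
                .toUriString();
    }
}
```

To use it, inject the handler into the security configuration and replace .logoutSuccessUrl("/") with .logoutSuccessHandler(handler).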
This configuration class maps the root URL to our Home page.
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

    @Configuration
    public class AmazonCognitoWebConfiguration implements WebMvcConfigurer {

        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            // Serve the "home" template at the root URL
            registry.addViewController("/").setViewName("home");
        }
    }
Demo of AWS Cognito Spring Security
AWS Cognito is used to log in.
After launching the Spring Boot application, go to http://localhost:8080 and click on Login with AWS Cognito.
Enter the username and password issued to you by the administrator.
Because you are signing in for the first time, you will need to change the password that the administrator set earlier.
You should now be logged in to your Spring Boot application successfully.
In this article, we learnt how to utilize Amazon Cognito for user authentication in a Spring Boot application, as well as how to set up Amazon Cognito from scratch and integrate it into Spring Boot.
Please feel free to leave any remarks in the space below. Stay tuned for additional educational lessons in the near future.
Good luck with your studies!