I want to test custom user authorization with Cognito and do it from a simple java code. The problem is, the CognitoCachingCredentialsProvider requires an Android ApplicationContext and won't accept a null.
The whole flow is supposed to go like this:
- User logs in using an email and password
- Backend (a Lambda function) gets an IdentityToken from Cognito and returns it to the user
- User can now retrieve credentials from Cognito and initialize an ApiClientFactory to authorize calls to other API endpoints
Is there something I'm missing or do I just have the whole concept wrong? Any good tutorials on this? I've already went through every possible documentation on AWS but I find it really hard to wrap my head around it and there is not a single material on plain Java, only Android.
Generally Amazon Cognito is used from "untrusted" clients like mobile and JavaScript apps to vend temporary AWS Credentials directly to the end user. Since the most common Java client-side apps we see are Android apps, our guides focus on Android rather than plain Java, but the same process will work with the Java SDK.
Server Side
When using Amazon Cognito's Developer Authenticated Identities feature as you mentioned you are doing, you'll get an OpenID Connect token back from the call to Amazon Cognito's GetOpenIdTokenForDeveloperIdentity on your backend (lambda) function. Your backend should provide that token to the client application after successfully authenticating the user.
Client Side
Then the client-side application needs to make a call to Cognito's GetCredentialsForIdentity API (Java docs) passing in the token from the Server Side step above to get AWS Session Credentials as a Credentials object in the Java SDK. With these session credentials (which are effectively credentials from the AWS Security Token Service/STS), create a BasicSessionCredentials object, passing it the session credentials and session token as described under Explicitly Specifying Credentials in the Java SDK developer guide.
Try this link : https://aws.amazon.com/blogs/mobile/use-amazon-cognito-in-your-website-for-simple-aws-authentication/
It explains everything for Java SDK. Similar to the reporter I had a harrowing experience going through loads of documentations before arriving here.
来源:https://stackoverflow.com/questions/32970790/can-i-authenticate-with-aws-cognito-from-plain-java