-
Create your user pool on the Cognito console
- Follow the steps outlined here to create a user pool.
- Configure the App Client as follows:
- Choose App client settings from the navigation bar on the left-side of the console page.
- Select Cognito User Pool as one of the Enabled Identity Providers.
- Type a callback URL for the Amazon Cognito authorization server to call after users are authenticated. For the sample app set it to myapp://
- Set Sign out URL(s) to myapp://
- You can enable both the Authorization code grant and the Implicit code grant under Allowed OAuth flows.
- Unless you specifically want to exclude one, select the check boxes for all of the Allowed OAuth scopes.
- Choose Save changes.
- Configure a user pool domain
- On the Domain name page, type a domain prefix that's available.
- Make a note of the complete domain address.
- Choose Save changes.
-
Download and import the AmazonCognitoAuthDemo project into your Android Studio
- From the Welcome screen, click on "Import project".
- Browse to the AmazonCognitoAuthDemo directory and click OK.
- Accept requests to add Gradle to the project.
- If the SDK reports missing Android SDK packages (such as Build Tools or the Android API package), import relevant Android SDKs.
-
Modify the demo to run it on your user pool.
- Open the file strings.xml file.
- Fill in the values for the following string resources :
- cognito_web_domain set this to the user pool domain set above. It must be of the form foo.auth.us-east-1.amazoncognito.com without the preceding http:// or https://
- cognito_client_id set this to your app client id obtained above.
- cognito_client_secret set this to your app client secret associated with the app client id.
- app_redirect set this to be same as callback URL for your app client(i.e. myapp://).
-
You are now ready to run this demo.
You can now use Amazon Cognito Auth to easily add sign-in and sign-out to your mobile apps. Your User Pool in Amazon Cognito is a fully managed user directory that can scale to hundreds of millions of users, so you don't have to worry about building, securing, and scaling a solution to handle user management and authentication.
The Amazon Cognito Auth SDK for Android simplifies adding sign-up, sign-in functionality in your apps.
With this SDK, you can use Cognito User Pools’ app integration and federation features, with a customizable UI hosted by AWS to sign up and sign in users, and with built-in federation for external identity providers via SAML.
To learn more see our Developer Guide.
If you are looking for our SDK to access all user APIs for Cognito User Pools, see the Android Cognito Identity Provider SDK .
Find the Android sample for this SDK at the GitHub Repository.
Add the following dependencies to your app/build.gradle.
AWS Android Cognito Auth The SDK with sign-in and sign-up functions aws-android-sdk-cognitoauth
dependency {
implementation ('com.amazonaws:aws-android-sdk-cognitoauth:2.9.+@aar') { transitive = true }
}
To add other AWS Android SDK's in your app read the Guide for AWS Android Mobile SDK.
Chrome Custom Tabs This SDK opens Cognito's hosted webpage's on Chrome.
dependency {
implementation 'com.android.support:customtabs:25.0.0+'
}
Note Chrome is required on the Android device to use this SDK.
Maven Central Repo
To use the latest versions of aws-android-sdk-cognitoauth, you will need to add mavenCentral() to the list of repositories in your top-level build.gradle file.
Create a new instance of Auth with the following userpool settings.
cognitoAuthWebDomain The Cognito's authentication domain.
This domain will point to the hosted UI pages. This domain can be created in userpool settings.
This is just the domain name without the scheme. The SDK will always use https.
e.g. foo.auth.us-east-1.amazoncognito.com
cognitoClientId The app client ID can be found by navigating to the App client settings in the Cognito UserPools console.
signInRedirectUri The Fully Qualified Domain Name (FQDN) to which Cognito must redirect to after authentication.
This must include the scheme. e.g. myApp://www.myApp.com
signOutRedirectUri The Fully Qualified Domain Name (FQDN) to which Cognito must redirect to after logout.
This must also include the scheme.
Auth.Builder builder = new Auth.Builder();
builder.setAppClientId(cognitoClientId)
.setAppCognitoWebDomain(cognitoAuthWebDomain)
.setSignInRedirect(signInRedirectUri)
.setSignOutRedirect(signOutRedirectUri);Set a callback for Cognito Auth that will be invoked after successful authentication or on failure.
class callback implements AuthHandler {
@Override
public void onSuccess(AuthUserSession session) {
// This will invoked to return tokens on successful authentication or when valid tokens are available locally.
// 'session' will contain valid tokens for the user.
}
@Override
public void onSignout() {
// This will be invoked on successful sign-out.
}
@Override
public void onFailure(Exception e) {
// This will be invoked when error conditions. Probe the exception to get the exception details.
}
}Assign the callback to Auth.
builder.setAuthHandler(new callback());Create an instance for Cognito Auth.
Auth cognitoAuth = builder.build();Add an intent-filter in the app manifest to allow Android to invoke your app Activity after successful authentication and signout.
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:host="YOUR_REDIRECT_URI_AUTHORITY"android:scheme="YOUR_REDIRECT_SCHEME"/>
</intent-filter><uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />Use the getSession API to authenticate a user and get tokens for the user.
cognitoAuth.getSession();This will open the Cognito login webpage and prompt the user to authenticate.
If valid tokens are already available for the last authenticated user, the tokens are returned from the callback.
The Cognito login webpage is launched on Chrome Custom Tabs. After the user successfully authenticates and on redirect to the set signInRedirectUri, the Android will invoke the app Activity which has registered an intent-filter for signInRedirectUri.
Pass this redirect URI to the SDK to get the tokens for the user.
cognitoAuth.getTokens(getIntent().getData());This will sign out the current user by clearing cached tokens.
cognitoAuth.signOut();We welcome developer feedback on this project. You can reach us by creating an issue on the GitHub repository or posting to the Amazon Cognito Identity forums and the below blog post: