Android and Cognito

What is cognito

Create unique identities for users

Authenticate users using either user pools or federated identity providers

Link multiple accounts to the same user

Cognito as an identity broker

Manage authenticated and guest users across identity providers

Securely access AWS services from mobile devices and platforms

Perform backend services user has permission to do

Cognito authentication flow

Example: The who app

Step one: Enable google sign in

@OnClick(R.id.sign_in_button)
void onGoogleSignInButtonClicked() {
    Intent signInIntent = Auth.GoogleSignInApi.getSignInIntent(googleApiClient);
    startActivityForResult(signInIntent, RC_SIGN_IN);
}

public void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);

    switch (requestCode) {
        case RC_SIGN_IN:
            GoogleSignInResult result = Auth.GoogleSignInApi
                .getSignInResultFromIntent(data);
            presenter.handleSignInResult(result);
            break;
    }
}

Step Two: Create Cognito Identity Pool

  • In order for multiple google clients to be supported, google authentication must be added as an OpenID authentication provider

 

  • Add "accounts.google.com" as an identity provider in IAM
    • Add google client ids as audience for the provider

Step 3: Create policy for authentication users

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "execute-api:Invoke"
            ],
            "Resource": [
                "arn:aws:execute-api:us-east-1:293313708031:khbp0da195/*/GET/users/"
            ]
        }
    ]
}

Step 4: Integrate cognito authentication in client app

public void handleSignInResult(GoogleSignInResult result) {
        if(result.isSuccess() && result.getSignInAccount() != null) {
            GoogleSignInAccount account = result.getSignInAccount();
            String token = account.getIdToken();
            authenticator.authenticateWithGoogle(token)
                    .subscribe(identityId -> {
                        if(isViewAttached()) {
                            if(userPreferences.isFirstTimeSetup()) {
                                view().navigateToFirstTimeSetup(account);
                            } else {
                                view().navigateToDashboard(account);
                            }
                        }
                    }, error -> {

                    });
        } else {
            Timber.d("Status code: %d", result.getStatus().getStatusCode());
            if(isViewAttached()) {
                view().showLoginError();
            }
        }
    }
@AppScope
public class CognitoAuthenticator implements Authenticator {

    private Context context;
    private CognitoCachingCredentialsProvider credentialsProvider;
    private Signer signer;

    @Inject
    public CognitoAuthenticator(Context context, CognitoCachingCredentialsProvider credentialsProvider, Signer signer) {
        this.context = context;
        this.credentialsProvider = credentialsProvider;
        this.signer = signer;
    }

    @Override
    public Observable<String> authenticateWithGoogle(String token) {
        return Observable.create((Observable.OnSubscribe<String>) subscriber -> {
            Map<String, String> logins = new HashMap<>();
            logins.put(context.getString(R.string.cognito_google_identity_provider), token);
            credentialsProvider.setLogins(logins);

            String identityId = credentialsProvider.getIdentityId();
            subscriber.onNext(identityId);
            subscriber.onCompleted();
        }).compose(new ScheduleTransformer<>());
    }
}

any questions?

Made with Slides.com