Authenticate a Spring Boot API with AWS Cognito

When a requirement came in to implement identity management in an existing web app, I had two options in front of me: one, build an authentication microservice of our own, with its database and everything else managed by us; or two, use a serverless identity management service. Since the app we were developing was a support tool, intended to be used only during the initial phase of the project and only by the internal team, a pluggable identity management solution sounded reasonable compared to spending effort developing our own authentication service and then maintaining it. Hence we decided to go with the serverless option. AWS offers a cool identity management service called AWS Cognito.

AWS Cognito provides user management, authentication and authorization for applications, so we needn’t worry about authentication, user data storage or access key generation logic. Using Cognito, users can sign in with their username and password or through any supported third-party OAuth 2 provider such as Twitter, Facebook, Google or Apple. Additionally, with Cognito Identity Pools, we can access resources on AWS through IAM roles. Since we were already on the AWS stack, we decided to go with Cognito.

Currently, we have a frontend app exposed to the internet which needs to call a service inside a VPC to fetch data. With a frontend login already in place, we needed to authorize the API using the ID token, which is a JSON Web Token (JWT) issued by AWS Cognito.

Sequence diagram for AWS Cognito based authentication

This post covers API authentication for a Spring Boot application using AWS Cognito. We will go into detail about how to authenticate the API once it receives the JWT from the frontend.

To authenticate an API request with AWS Cognito, we need to complete two steps:

When a request hits the app, intercept it with a filter or interceptor and retrieve the ‘Authorization’ header. The header has the format ‘Bearer <TOKEN>’; extract the token from it. The token here will be the ID token sent from the…
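As an added example (not the post's own code), here is what a filter or interceptor can hand the extracted token to: a small verifier in plain JDK plus Jackson that checks the RS256 signature against the user pool's published JWKS and then the claims Cognito documents for an ID token. It assumes Jackson on the classpath (it ships with spring-boot-starter-web), JDK 11 or later, and the placeholder pool region, pool id and app client id shown in the constants.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.math.BigInteger;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
// Hypothetical verifier, not code from the post: the work a request filter or interceptor hands the token to.
public class CognitoIdTokenVerifier {
    // Assumed values: ISSUER is built from your user pool's region and id, CLIENT_ID is your app client id.
    static final String ISSUER = "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE";
    static final String CLIENT_ID = "your-app-client-id";
    static final Base64.Decoder B64 = Base64.getUrlDecoder();
    final ObjectMapper json = new ObjectMapper();
    final java.util.Map<String, PublicKey> keysByKid = new java.util.HashMap<>(); // kid -> RSA key from jwks.json
    public CognitoIdTokenVerifier() throws Exception {
        // Cognito publishes the pool's signing keys at this well-known path; load once, not per request.
        for (JsonNode k : json.readTree(URI.create(ISSUER + "/.well-known/jwks.json").toURL()).get("keys")) {
            RSAPublicKeySpec spec = new RSAPublicKeySpec(
                new BigInteger(1, B64.decode(k.get("n").asText())), new BigInteger(1, B64.decode(k.get("e").asText())));
            keysByKid.put(k.get("kid").asText(), KeyFactory.getInstance("RSA").generatePublic(spec));
        }
    }
    // Step one from the post: the header must read "Bearer <TOKEN>"; anything else is rejected.
    static String bearerToken(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) throw new SecurityException("missing or malformed Authorization header");
        return authorizationHeader.substring("Bearer ".length()).trim();
    }
    // RS256 signature check with the pool key, then the claims Cognito documents: iss, aud, token_use, exp.
    JsonNode verify(String jwt) throws Exception {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWS");
        JsonNode head = json.readTree(B64.decode(parts[0]));
        PublicKey key = keysByKid.get(head.path("kid").asText());
        if (key == null || !"RS256".equals(head.path("alg").asText())) throw new SecurityException("unknown kid or alg");
        Signature sig = Signature.getInstance("SHA256withRSA"); sig.initVerify(key);
        sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        if (!sig.verify(B64.decode(parts[2]))) throw new SecurityException("bad signature");
        JsonNode claims = json.readTree(B64.decode(parts[1]));
        if (!ISSUER.equals(claims.path("iss").asText()) || !CLIENT_ID.equals(claims.path("aud").asText())
                || !"id".equals(claims.path("token_use").asText())
                || claims.path("exp").asLong() <= System.currentTimeMillis() / 1000L)
            throw new SecurityException("claims rejected");
        return claims; // trusted from here on, e.g. claims.get("cognito:username")
    }
}
```

In a filter, call `verify(bearerToken(request.getHeader("Authorization")))` and answer 401 on any exception. The keys are loaded once here; a production verifier should refresh the JWKS when it meets an unknown `kid`, since Cognito can rotate signing keys.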
