Getting Cognito Credentials on Android

Question

I need to authenticate a user using AWS's Cognito in Android and get a token to use on my future requests. Some information is provided to me by the backend but I still haven't managed to use it in the appropriate way, and Cognito's documentation did not help me on this. I have this fixed info:

Pool Region: us-east-1 Pool ID: us-east-1:xxxxx-xxxxx-xxxxx-xxxx-xxxxxxxx

And after authenticating the user on the login endpoint I get this info:

{
   "cognitoId": "us-east-1:yyyy-yyyy-yyyy-yyyy-yyyyyyy",
   "cognitoToken": "hH1Q8bCLh9-pamP6DCrC0-KY4rNtZ115xDedE224CeEanex-CCWh4tWUtJjPc_tU3d6eJ_7Uk23ceTNhCFYT1qnAL_7kAH_lHod4a1GQo29FuTLQSqx4lOFv2Ev3RvYcCzjyLEAA1-EIKBtfSm_YN9y6DHBOzDJ8owLJTxB0JEWvsWfATjug4P8hxCI97RVB2cetrmq4JvZr__bCziUb-7AifPvy4VMW3xLjJ7uyDvogwcx5gJ1rF8Z38_z7kREB1R_CYPRVQuoHzag0j9RoOTNeAYFGO42qgCewTl3Lvm5PUbTIGhCIp6y1RVWAPLEdMWmQ3LVpqJcZKLQRhMmEzOGMyTUiXSwiaXNzIjoiaHR0cHM6Ly9jb2duaXRvLWlkZW50aXR5LmFtYXpvbmF3cy5jb20iLCJleHAiOjE1MTE2NDEzMDksImlhdCI6MTUxMTYyNjkwOX0.QFWGxh_"
}

The IDs were omitted and the token was altered in order to preserve the information. It is important to note that the Pool ID (constant in the app) and the cognitoId (returned by the backend) are different.

I have a static Credentials Provider initialized like this:

credentialsProvider = new CognitoCachingCredentialsProvider(
               getApplicationContext(),    /* get the context for the application */
               IDENTITY_POOL_ID,    /* Identity Pool ID */
               Regions.US_EAST_1           /* Region for your identity pool--US_EAST_1 or EU_WEST_1*/
       );

This is the task that does the work of trying to get the Cognito auth:

private static final class CognitoAuthTask extends AsyncTask {
           @Override
           protected String doInBackground(String... strings) {
               String userId = strings[0];
               String token = strings[1];
               String sessionToken = null;
               try {
                   Map logins = new HashMap();
                   logins.put(userId, token);
                   credentialsProvider.setLogins(logins);
                   AWSSessionCredentials credentials = credentialsProvider.getCredentials();
                   sessionToken = credentials.getSessionToken();
               } catch (Exception e) {
                   if (BuildConfig.DEBUG) {
                       e.printStackTrace();
                   }
               } finally {
                   return sessionToken;
               }
           }

           @Override
           protected void onPostExecute(String authToken) {
               super.onPostExecute(authToken);
               cognitoAuthToken = authToken;
               if (BuildConfig.DEBUG) {
                   Log.d("Cognito Token", cognitoAuthToken == null ? "null" : cognitoAuthToken);
               }
           }
       }

And this is where I call it when I have the information from my login endpoint (as I showed above):

public void authenticateCognito(String userId, String token) {
       new CognitoAuthTask().execute(userId, token);
   }

The problem is that this is not working, I get this error here:

Invalid login token. Can't pass in a Cognito token. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: zzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzz)

The error happens on the task, on this line of code here:

credentialsProvider.getCredentials();

The backend team mentioned that I would need to use the GetCredentialsForIdentity method, but I can't find anything like that on the Cognito Android SDK.

Any help is appreciated.

Viccari · Accepted Answer

The class you should be using is AmazonCognitoIdentityClient, that is the class implementing the GetCredentialsForIdentity API.

Getting Cognito Credentials on Android

Answers (2)

Related Questions