Description

Spring Security AWS Cognito Authentcation Example

Application properties

server.port=8080

server.servlet.session.cookie.same-site=lax

spring.security.oauth2.client.registration.cognito.client-id={your-app-client-id}

spring.security.oauth2.client.registration.cognito.client-secret={your-app-client-secret}

spring.security.oauth2.client.registration.cognito.scope=openid

spring.security.oauth2.client.registration.cognito.redirect-uri=http://localhost:8080/login/oauth2/code/cognito

spring.security.oauth2.client.registration.cognito.clientName={your-app-client-name}

spring.security.oauth2.client.registration.cognito.authorization-grant-type=authorization_code

spring.security.oauth2.client.provider.cognito.issuerUri=https://cognito-idp.{your-user-pool-region}.amazonaws.com/{user-pool-id}

Create user pool

Configure sign-in experience

User pool name

Cognito domain prefix

URL: http://localhost:8080/login/oauth2/code/cognito

Create USER and ADMIN group

User Pool Test

Click on View Hosted UI button

User sign up

Assign user to a group

If necessary, clean you web browser cache.

P.S.: You can assign the user to a group appropriately using AWS Lambda.

Source file / directory structure