Situation:

I have java background process service running that needs to access a secured REST API endpoint.

The API endpoint an AWS lambda function running behind Amazon API Gateway, using the Serverless framework. It is secured with a Amazon Cognito User Pool Authorizer.

I have created an App Client for my Java background service, which is attached to the user pool.

I have successfully retrieved the client authentication token and accessed the API endpoint using both cURL and HttpClient.

Question:

Is this functionality available in the AWS Java SDK (v1 or v2)?

I have been going through the SDK documentation and have found nothing so far. Is there something I’ve missed, or not found yet? Or is this just not currently available?

Answer

There is no raw API call in the AWS Java SDK(any version) for Cognito for the Client Credentials Authentication flow. However, you could manually write your own logic to implement this flow, as the sequence of steps involved in the Client Credentials(Machine-To-Machine flow) can be done with vanilla Java. This flow requires a POST request made to Cognito’s OAuth 2.0 TOKEN Endpoint[a]. Since this flow essentially requires an Endpoint request, I do not think the Cognito developers would develop an accessible API to achieve the flow.

For more details, I would request you to have a look at this official documentation[b], and this non-AWS published tutorial[c].

References

[a]. https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html

[b]. https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/

[c]. https://lobster1234.github.io/2018/05/31/server-to-server-auth-with-amazon-cognito/