

# Amazon Cognito Identity Provider examples using SDK for Kotlin

The following code examples show you how to perform actions and implement common scenarios by using the AWS SDK for Kotlin with Amazon Cognito Identity Provider.

*Actions* are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.

*Scenarios* are code examples that show you how to accomplish specific tasks by calling multiple functions within a service or combined with other AWS services.

Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.

**Topics**
+ [Actions](#actions)
+ [Scenarios](#scenarios)

## Actions

### `AdminGetUser`

The following code example shows how to use `AdminGetUser`.

**SDK for Kotlin**  
 There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
suspend fun getAdminUser(
    userNameVal: String?,
    poolIdVal: String?,
) {
    val userRequest =
        AdminGetUserRequest {
            username = userNameVal
            userPoolId = poolIdVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val response = identityProviderClient.adminGetUser(userRequest)
        println("User status ${response.userStatus}")
    }
}
```
+  For API details, see [AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html) in *AWS SDK for Kotlin API reference*. 

### `AdminInitiateAuth`

The following code example shows how to use `AdminInitiateAuth`.

**SDK for Kotlin**  
 There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
suspend fun checkAuthMethod(
    clientIdVal: String,
    userNameVal: String,
    passwordVal: String,
    userPoolIdVal: String,
): AdminInitiateAuthResponse {
    val authParas = mutableMapOf<String, String>()
    authParas["USERNAME"] = userNameVal
    authParas["PASSWORD"] = passwordVal

    val authRequest =
        AdminInitiateAuthRequest {
            clientId = clientIdVal
            userPoolId = userPoolIdVal
            authParameters = authParas
            authFlow = AuthFlowType.AdminUserPasswordAuth
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val response = identityProviderClient.adminInitiateAuth(authRequest)
        println("Result Challenge is ${response.challengeName}")
        return response
    }
}
```
+  For API details, see [AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html) in *AWS SDK for Kotlin API reference*. 

### `AdminRespondToAuthChallenge`

The following code example shows how to use `AdminRespondToAuthChallenge`.

**SDK for Kotlin**  
 There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
// Respond to an authentication challenge.
suspend fun adminRespondToAuthChallenge(
    userName: String,
    clientIdVal: String?,
    mfaCode: String,
    sessionVal: String?,
) {
    println("SOFTWARE_TOKEN_MFA challenge is generated")
    val challengeResponsesOb = mutableMapOf<String, String>()
    challengeResponsesOb["USERNAME"] = userName
    challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode

    val adminRespondToAuthChallengeRequest =
        AdminRespondToAuthChallengeRequest {
            challengeName = ChallengeNameType.SoftwareTokenMfa
            clientId = clientIdVal
            challengeResponses = challengeResponsesOb
            session = sessionVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest)
        println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}")
    }
}
```
+  For API details, see [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html) in *AWS SDK for Kotlin API reference*. 

### `AssociateSoftwareToken`

The following code example shows how to use `AssociateSoftwareToken`.

**SDK for Kotlin**  
 There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
suspend fun getSecretForAppMFA(sessionVal: String?): String? {
    val softwareTokenRequest =
        AssociateSoftwareTokenRequest {
            session = sessionVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest)
        val secretCode = tokenResponse.secretCode
        println("Enter this token into Google Authenticator")
        println(secretCode)
        return tokenResponse.session
    }
}
```
+  For API details, see [AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html) in *AWS SDK for Kotlin API reference*. 

### `ConfirmSignUp`

The following code example shows how to use `ConfirmSignUp`.

**SDK for Kotlin**  
 There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
suspend fun confirmSignUp(
    clientIdVal: String?,
    codeVal: String?,
    userNameVal: String?,
) {
    val signUpRequest =
        ConfirmSignUpRequest {
            clientId = clientIdVal
            confirmationCode = codeVal
            username = userNameVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        identityProviderClient.confirmSignUp(signUpRequest)
        println("$userNameVal was confirmed")
    }
}
```
+  For API details, see [ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html) in *AWS SDK for Kotlin API reference*. 

### `ListUsers`

The following code example shows how to use `ListUsers`.

**SDK for Kotlin**  
 There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
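suspend fun listAllUsers(userPoolId: String) {
    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { cognitoClient ->
        // ListUsers returns one page per call; follow paginationToken until the pool is exhausted.
        var token: String? = null
        do {
            val request =
                ListUsersRequest {
                    this.userPoolId = userPoolId
                    paginationToken = token
                }

            val response = cognitoClient.listUsers(request)
            response.users?.forEach { user ->
                println("The user name is ${user.username}")
            }
            token = response.paginationToken
        } while (token != null)
    }
}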
```
+  For API details, see [ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html) in *AWS SDK for Kotlin API reference*. 

### `ResendConfirmationCode`

The following code example shows how to use `ResendConfirmationCode`.

**SDK for Kotlin**  
 There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
suspend fun resendConfirmationCode(
    clientIdVal: String?,
    userNameVal: String?,
) {
    val codeRequest =
        ResendConfirmationCodeRequest {
            clientId = clientIdVal
            username = userNameVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val response = identityProviderClient.resendConfirmationCode(codeRequest)
        println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium))
    }
}
```
+  For API details, see [ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html) in *AWS SDK for Kotlin API reference*. 

### `SignUp`

The following code example shows how to use `SignUp`.

**SDK for Kotlin**  
 There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
suspend fun signUp(
    clientIdVal: String?,
    userNameVal: String?,
    passwordVal: String?,
    emailVal: String?,
) {
    val userAttrs =
        AttributeType {
            name = "email"
            value = emailVal
        }

    val userAttrsList = mutableListOf<AttributeType>()
    userAttrsList.add(userAttrs)
    val signUpRequest =
        SignUpRequest {
            userAttributes = userAttrsList
            username = userNameVal
            clientId = clientIdVal
            password = passwordVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        identityProviderClient.signUp(signUpRequest)
        println("User has been signed up")
    }
}
```
+  For API details, see [SignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html) in *AWS SDK for Kotlin API reference*. 

### `VerifySoftwareToken`

The following code example shows how to use `VerifySoftwareToken`.

**SDK for Kotlin**  
 There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
// Verify the TOTP and register for MFA.
suspend fun verifyTOTP(
    sessionVal: String?,
    codeVal: String?,
) {
    val tokenRequest =
        VerifySoftwareTokenRequest {
            userCode = codeVal
            session = sessionVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest)
        println("The status of the token is ${verifyResponse.status}")
    }
}
```
+  For API details, see [VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html) in *AWS SDK for Kotlin API reference*. 
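
What an authenticator app does with the `secretCode` returned by `AssociateSoftwareToken` to produce the 6-digit value that `VerifySoftwareToken` receives as `userCode`, shown as an added example that is not part of the AWS sample code. It assumes the secret is Base32 text and the common authenticator defaults (HMAC-SHA1, 30-second step, 6 digits); `base32Decode`, `totp` and the sample secret are illustrative names and constructed values.

```kotlin
import java.nio.ByteBuffer
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Decode RFC 4648 Base32 text (the assumed encoding of the TOTP secret) into raw key bytes.
fun base32Decode(text: String): ByteArray {
    val alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
    val out = ArrayList<Byte>()
    var buffer = 0
    var bits = 0
    for (ch in text.uppercase().filterNot { it.isWhitespace() }.trimEnd('=')) {
        val value = alphabet.indexOf(ch)
        require(value >= 0) { "Not a Base32 character: $ch" }
        buffer = ((buffer shl 5) or value) and 0xFFF // keep only the bits still in play
        bits += 5
        if (bits >= 8) {
            bits -= 8
            out.add(((buffer shr bits) and 0xFF).toByte())
        }
    }
    return out.toByteArray()
}

// RFC 6238 TOTP: HOTP (RFC 4226) computed over the number of time steps since the Unix epoch.
fun totp(
    secret: ByteArray,
    epochSeconds: Long,
    digits: Int = 6,
    stepSeconds: Long = 30,
): String {
    val counter = ByteBuffer.allocate(8).putLong(epochSeconds / stepSeconds).array()
    val mac = Mac.getInstance("HmacSHA1")
    mac.init(SecretKeySpec(secret, "HmacSHA1"))
    val hash = mac.doFinal(counter)

    // Dynamic truncation: the low nibble of the last byte selects a 31-bit window of the MAC.
    val offset = hash[hash.size - 1].toInt() and 0x0F
    val binary =
        ((hash[offset].toInt() and 0x7F) shl 24) or
            ((hash[offset + 1].toInt() and 0xFF) shl 16) or
            ((hash[offset + 2].toInt() and 0xFF) shl 8) or
            (hash[offset + 3].toInt() and 0xFF)

    var modulus = 1
    repeat(digits) { modulus *= 10 }
    // Codes are fixed width, so leading zeros must be preserved.
    return (binary % modulus).toString().padStart(digits, '0')
}

fun main() {
    // Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32, not a Cognito secret.
    val sampleSecret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    val key = base32Decode(sampleSecret)

    // RFC 6238 Appendix B test vectors (SHA-1, 8 digits); the second one has a leading zero.
    check(totp(key, 59L, digits = 8) == "94287082")
    check(totp(key, 1111111109L, digits = 8) == "07081804")

    // The 6-digit code an authenticator would display right now for the sample secret.
    println(totp(key, System.currentTimeMillis() / 1000))
}
```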

## Scenarios

### Sign up a user with a user pool that requires MFA

The following code example shows how to:
+ Sign up and confirm a user with a username, password, and email address.
+ Set up multi-factor authentication by associating an MFA application with the user.
+ Sign in by using a password and an MFA code.

**SDK for Kotlin**  
 There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
/**
 Before running this Kotlin code example, set up your development environment, including your credentials.

 For more information, see the following documentation:
 https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/setup.html

 TIP: To set up the required user pool, run the AWS Cloud Development Kit (AWS CDK) script provided in this GitHub repo at resources/cdk/cognito_scenario_user_pool_with_mfa.

 This code example performs the following operations:

 1. Invokes the signUp method to sign up a user.
 2. Invokes the adminGetUser method to get the user's confirmation status.
 3. Invokes the ResendConfirmationCode method if the user requested another code.
 4. Invokes the confirmSignUp method.
 5. Invokes the AdminInitiateAuth method to sign in. This results in being prompted to set up TOTP (time-based one-time password). (The response is “ChallengeName”: “MFA_SETUP”).
 6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private key. This can be used with Google Authenticator.
 7. Invokes the VerifySoftwareToken method to verify the TOTP and register for MFA.
 8. Invokes the AdminInitiateAuth to sign in again. This results in being prompted to submit a TOTP (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”).
 9. Invokes the AdminRespondToAuthChallenge to get back a token.
 */

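import aws.sdk.kotlin.services.cognitoidentityprovider.CognitoIdentityProviderClient
import aws.sdk.kotlin.services.cognitoidentityprovider.model.AdminGetUserRequest
import aws.sdk.kotlin.services.cognitoidentityprovider.model.AdminInitiateAuthRequest
import aws.sdk.kotlin.services.cognitoidentityprovider.model.AdminInitiateAuthResponse
import aws.sdk.kotlin.services.cognitoidentityprovider.model.AdminRespondToAuthChallengeRequest
import aws.sdk.kotlin.services.cognitoidentityprovider.model.AssociateSoftwareTokenRequest
import aws.sdk.kotlin.services.cognitoidentityprovider.model.AttributeType
import aws.sdk.kotlin.services.cognitoidentityprovider.model.AuthFlowType
import aws.sdk.kotlin.services.cognitoidentityprovider.model.ChallengeNameType
import aws.sdk.kotlin.services.cognitoidentityprovider.model.ConfirmSignUpRequest
import aws.sdk.kotlin.services.cognitoidentityprovider.model.ResendConfirmationCodeRequest
import aws.sdk.kotlin.services.cognitoidentityprovider.model.SignUpRequest
import aws.sdk.kotlin.services.cognitoidentityprovider.model.VerifySoftwareTokenRequest
import java.util.Scanner
import kotlin.system.exitProcess

suspend fun main(args: Array<String>) {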
    val usage = """
        Usage:
            <clientId> <poolId>
        Where:
            clientId - The app client Id value that you can get from the AWS CDK script.
            poolId - The pool Id that you can get from the AWS CDK script. 
    """

    if (args.size != 2) {
        println(usage)
        exitProcess(1)
    }

    val clientId = args[0]
    val poolId = args[1]

    // Use the console to get data from the user.
    println("*** Enter your user name")
    val inOb = Scanner(System.`in`)
    val userName = inOb.nextLine()
    println(userName)

    println("*** Enter your password")
    val password: String = inOb.nextLine()

    println("*** Enter your email")
    val email = inOb.nextLine()

    println("*** Signing up $userName")
    signUp(clientId, userName, password, email)

    println("*** Getting $userName in the user pool")
    getAdminUser(userName, poolId)

    println("*** Confirmation code sent to $userName. Would you like to send a new code? (Yes/No)")
    val ans = inOb.nextLine()

    if (ans.compareTo("Yes") == 0) {
        println("*** Sending a new confirmation code")
        resendConfirmationCode(clientId, userName)
    }
    println("*** Enter the confirmation code that was emailed")
    val code = inOb.nextLine()
    confirmSignUp(clientId, code, userName)

    println("*** Rechecking the status of $userName in the user pool")
    getAdminUser(userName, poolId)

    val authResponse = checkAuthMethod(clientId, userName, password, poolId)
    val mySession = authResponse.session
    val newSession = getSecretForAppMFA(mySession)
    println("*** Enter the 6-digit code displayed in Google Authenticator")
    val myCode = inOb.nextLine()

    // Verify the TOTP and register for MFA.
    verifyTOTP(newSession, myCode)
    println("*** Re-enter a 6-digit code displayed in Google Authenticator")
    val mfaCode: String = inOb.nextLine()
    val authResponse1 = checkAuthMethod(clientId, userName, password, poolId)
    val session2 = authResponse1.session
    adminRespondToAuthChallenge(userName, clientId, mfaCode, session2)
}

suspend fun checkAuthMethod(
    clientIdVal: String,
    userNameVal: String,
    passwordVal: String,
    userPoolIdVal: String,
): AdminInitiateAuthResponse {
    val authParas = mutableMapOf<String, String>()
    authParas["USERNAME"] = userNameVal
    authParas["PASSWORD"] = passwordVal

    val authRequest =
        AdminInitiateAuthRequest {
            clientId = clientIdVal
            userPoolId = userPoolIdVal
            authParameters = authParas
            authFlow = AuthFlowType.AdminUserPasswordAuth
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val response = identityProviderClient.adminInitiateAuth(authRequest)
        println("Result Challenge is ${response.challengeName}")
        return response
    }
}

suspend fun resendConfirmationCode(
    clientIdVal: String?,
    userNameVal: String?,
) {
    val codeRequest =
        ResendConfirmationCodeRequest {
            clientId = clientIdVal
            username = userNameVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val response = identityProviderClient.resendConfirmationCode(codeRequest)
        println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium))
    }
}

// Respond to an authentication challenge.
suspend fun adminRespondToAuthChallenge(
    userName: String,
    clientIdVal: String?,
    mfaCode: String,
    sessionVal: String?,
) {
    println("SOFTWARE_TOKEN_MFA challenge is generated")
    val challengeResponsesOb = mutableMapOf<String, String>()
    challengeResponsesOb["USERNAME"] = userName
    challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode

    val adminRespondToAuthChallengeRequest =
        AdminRespondToAuthChallengeRequest {
            challengeName = ChallengeNameType.SoftwareTokenMfa
            clientId = clientIdVal
            challengeResponses = challengeResponsesOb
            session = sessionVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest)
        println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}")
    }
}

// Verify the TOTP and register for MFA.
suspend fun verifyTOTP(
    sessionVal: String?,
    codeVal: String?,
) {
    val tokenRequest =
        VerifySoftwareTokenRequest {
            userCode = codeVal
            session = sessionVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest)
        println("The status of the token is ${verifyResponse.status}")
    }
}

suspend fun getSecretForAppMFA(sessionVal: String?): String? {
    val softwareTokenRequest =
        AssociateSoftwareTokenRequest {
            session = sessionVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest)
        val secretCode = tokenResponse.secretCode
        println("Enter this token into Google Authenticator")
        println(secretCode)
        return tokenResponse.session
    }
}

suspend fun confirmSignUp(
    clientIdVal: String?,
    codeVal: String?,
    userNameVal: String?,
) {
    val signUpRequest =
        ConfirmSignUpRequest {
            clientId = clientIdVal
            confirmationCode = codeVal
            username = userNameVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        identityProviderClient.confirmSignUp(signUpRequest)
        println("$userNameVal was confirmed")
    }
}

suspend fun getAdminUser(
    userNameVal: String?,
    poolIdVal: String?,
) {
    val userRequest =
        AdminGetUserRequest {
            username = userNameVal
            userPoolId = poolIdVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val response = identityProviderClient.adminGetUser(userRequest)
        println("User status ${response.userStatus}")
    }
}

suspend fun signUp(
    clientIdVal: String?,
    userNameVal: String?,
    passwordVal: String?,
    emailVal: String?,
) {
    val userAttrs =
        AttributeType {
            name = "email"
            value = emailVal
        }

    val userAttrsList = mutableListOf<AttributeType>()
    userAttrsList.add(userAttrs)
    val signUpRequest =
        SignUpRequest {
            userAttributes = userAttrsList
            username = userNameVal
            clientId = clientIdVal
            password = passwordVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        identityProviderClient.signUp(signUpRequest)
        println("User has been signed up")
    }
}
```
+ For API details, see the following topics in *AWS SDK for Kotlin API reference*.
  + [AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [ConfirmDevice](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [InitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [RespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [SignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)