3

I have an Angular web front end, an API Gateway protected by Cognito, and Lambda for other business use cases. The login and authorisation work fine. I am using the AWS JavaScript SDK for authorising. Something like https://s3.amazonaws.com/solutions-reference/mobile-backend/latest/mobile-app-backend.pdf

In my Lambda I need to get other users' information like first name, second name, DOB, etc. by passing the email id, which I have in my Lambda. (Email id is the mandatory field in Cognito.) This Lambda is kicked off from a front-end action. Imagine a viewing-some-other-user's-profile kind of scenario.

I believe this is the API http://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetUser.html but I can't find the way to do it in Java code.

paramupk

1 Answer

6

Use AWSCognitoIdentityProvider

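    import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
    import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;
    import com.amazonaws.services.cognitoidp.model.AdminGetUserRequest;
    import com.amazonaws.services.cognitoidp.model.AdminGetUserResult;

    AWSCognitoIdentityProvider client = AWSCognitoIdentityProviderClientBuilder.standard()
            .withCredentials(awsCredentialsProvider).build();

    // Look up a single user in the pool by username
    AdminGetUserRequest adminGetUserRequest = new AdminGetUserRequest()
            .withUserPoolId("XXXXXXXXXXX")
            .withUsername("userName");
    AdminGetUserResult adminGetUserResult = client.adminGetUser(adminGetUserRequest);

There are lots of other functions as well, like listing all Cognito users, which can be done like this:

    import com.amazonaws.services.cognitoidp.model.ListUsersRequest;
    import com.amazonaws.services.cognitoidp.model.ListUsersResult;

    ListUsersRequest listUserRequest = new ListUsersRequest().withUserPoolId("XXXXXXXXX");
    ListUsersResult listUsersResult = client.listUsers(listUserRequest);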

Maven is:

    <dependency>
        <groupId>com.amazonaws</groupId>
        <artifactId>aws-java-sdk-cognitoidp</artifactId>
        <version>${aws-cloud-version}</version>
    </dependency>

Please make sure your Lambda role has access to use Cognito, like cognito-idp:AdminGetUser

paramupk
  • 1
    Be aware that the attribute's `toString` method shows the value as `***Sensitive Data Redacted***`. So, for example, in Kotlin, to print the email, use `println(adminGetUserResult.userAttributes.filter{ it.name == "email"}[0].value)` instead of `println(adminGetUserResult.userAttributes.filter{ it.name == "email"}[0].toString())`. – Big Pumpkin Nov 25 '19 at 07:32
  • Do we still need to pass in credentials with withCredentials(awsCredentialsProvider) if we give access to cognito-idp:AdminGetUser from the Lambda? I am getting an UnrecognizedClientException. I think it's related to me passing in credentials from the environment variable which the Lambda generates? – jpell Jan 03 '22 at 00:59
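
An added example, not code from the question, the answer or AWS: a Lambda handler for the profile-view scenario that calls AdminGetUser with the execution role's credentials and returns only an allowlist of attributes. The class name `ProfileLookupHandler`, the `USER_POOL_ID` environment variable and the allowlist are hypothetical; it assumes the pool accepts the email as username or alias, that `aws-lambda-java-core` is on the classpath, and that the role allows `cognito-idp:AdminGetUser` on that pool.

```java
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;
import com.amazonaws.services.cognitoidp.model.AdminGetUserRequest;
import com.amazonaws.services.cognitoidp.model.AttributeType;
import com.amazonaws.services.cognitoidp.model.UserNotFoundException;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class ProfileLookupHandler implements RequestHandler<Map<String, String>, Map<String, String>> {

    // Assumption: only these attributes may be shown to another signed-in user.
    private static final Set<String> PUBLIC_ATTRIBUTES =
            new HashSet<>(Arrays.asList("given_name", "family_name", "birthdate"));

    // Default provider chain: inside Lambda this resolves to the execution role,
    // so no access keys are kept in code or configuration.
    private final AWSCognitoIdentityProvider client =
            AWSCognitoIdentityProviderClientBuilder.defaultClient();

    @Override
    public Map<String, String> handleRequest(Map<String, String> input, Context context) {
        String email = input.get("email");
        if (email == null || email.length() > 254 || !email.matches("[^@\\s]+@[^@\\s]+")) {
            throw new IllegalArgumentException("invalid email");
        }
        AdminGetUserRequest request = new AdminGetUserRequest()
                .withUserPoolId(System.getenv("USER_POOL_ID")) // hypothetical variable name
                .withUsername(email); // assumes email is the username or an alias
        try {
            Map<String, String> profile = new HashMap<>();
            for (AttributeType attr : client.adminGetUser(request).getUserAttributes()) {
                // Copy allowlisted attributes only; read them with getValue()
                if (PUBLIC_ATTRIBUTES.contains(attr.getName())) {
                    profile.put(attr.getName(), attr.getValue());
                }
            }
            return profile;
        } catch (UserNotFoundException e) {
            return Collections.emptyMap(); // unknown user: empty profile, no SDK error text
        }
    }
}
```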