I'm trying to integrate a Spring Cloud Gateway (with WebFlux) and Amazon AWS Cognito. I spent almost a week and it is still not working. I want to authenticate users in a cognito user pool using authorization_code grant type.

Here are my settings:

spring:
  security:
    oauth2:
      client:
        registration:
          cognito:
            client-id: xxxxx
            client-secret: xxxx
            scope: openid
            redirectUriTemplate: "http://localhost:9090/login/oauth2/code/cognito"
            clientName: xxxx-client
        provider:
          cognito:
            issuerUri: https://cognito-idp.us-east-2.amazonaws.com/xxxxxxxxx
            usernameAttribute: cognito:username

Here is my pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-openfeign</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-security</artifactId>
</dependency>

One of the issues I'm facing is:

{"code":"BadRequest","message":"The server did not understand the operation that was requested.","type":"client"}

And some other random issues. I was never able to see Cognito's login screen. If you can provide some sample application it will be helpful.

Rigoni
Hi @Rigoni, by any chance do you have sample code? Everywhere I look I can see people using AWS API Gateway. I want to use Spring starter gateway with Cognito to validate the incoming request access token. – ashu Sep 06 '22 at 12:27

1 Answer

The problem is that you need to set up a domain name for it. You do this on AWS under the User Pools -> App Integration -> Domain Name page. Then you need to set up an Amazon Cognito domain. This domain name can be any name as long as it's not taken.

Hope this helps someone as this took me several hours of wasted time and I couldn't find an answer anywhere.

Adam Dewing
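As an added example (not code from the question or the answer, and not from either poster's project), here is a WebFlux security configuration for the gateway that sends browser users through the Cognito hosted login using the cognito registration from the question's settings, and validates Bearer access tokens on API calls against the same issuer. The class name, the user-pool id and app client id placeholders, and the redirect entry point are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint;

@Configuration
@EnableWebFluxSecurity
public class GatewaySecurityConfig {
    // Placeholders: ISSUER matches provider.cognito.issuerUri, CLIENT_ID matches registration.cognito.client-id.
    private static final String ISSUER = "https://cognito-idp.us-east-2.amazonaws.com/<USER_POOL_ID>";
    private static final String CLIENT_ID = "<APP_CLIENT_ID>";

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        return http
            .authorizeExchange(ex -> ex.anyExchange().authenticated())
            // Browser flow: unauthenticated requests go straight to the Cognito hosted UI,
            // which only answers once the user-pool domain from the answer above is set up.
            .exceptionHandling(eh -> eh.authenticationEntryPoint(
                new RedirectServerAuthenticationEntryPoint("/oauth2/authorization/cognito")))
            .oauth2Login(Customizer.withDefaults())
            // API flow: a Bearer JWT is verified against the pool's JWKS before routing downstream.
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtDecoder(cognitoJwtDecoder())))
            .build();
    }
    @Bean
    public ReactiveJwtDecoder cognitoJwtDecoder() {
        NimbusReactiveJwtDecoder decoder =
            NimbusReactiveJwtDecoder.withJwkSetUri(ISSUER + "/.well-known/jwks.json").build();
        // Cognito access tokens carry token_use=access and client_id (no aud claim), so this
        // rejects ID tokens and tokens minted for a different app client.
        OAuth2TokenValidator<Jwt> cognitoAccessToken = jwt ->
            "access".equals(jwt.getClaimAsString("token_use")) && CLIENT_ID.equals(jwt.getClaimAsString("client_id"))
                ? OAuth2TokenValidatorResult.success()
                : OAuth2TokenValidatorResult.failure(new OAuth2Error("invalid_token", "not an access token for this app client", null));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(JwtValidators.createDefaultWithIssuer(ISSUER), cognitoAccessToken));
        return decoder;
    }
}
```

The default validator still checks signature, expiry and the iss claim; the extra validator is what stops an ID token or another client's access token from being accepted at the gateway.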