AWS Developer Tools Blog

Now generally available: Amazon CognitoAuthentication Extension Library

We’re excited to announce the general availability of the Amazon CognitoAuthentication Extension Library! Compared with the previously available developer preview, the general availability release adds security, improves performance, and fixes bugs. This library simplifies the authentication process of Amazon Cognito user pools for .NET Core and Xamarin applications, and targets .NET Standard 2.0.

Amazon Cognito user pools make it easy for developers to add registration and login functionality to web and mobile applications. Once a user is signed in, Amazon Cognito provisions identity tokens for the signed-in user. In addition to passwords, Amazon Cognito user pool authentication flows are extensible to enable the incorporation of new challenge types to verify user identity.

Amazon Cognito user pools offer built-in support for the Secure Remote Password (SRP) protocol on the server side, but client applications must provide their own implementation. The Amazon CognitoAuthentication Extension Library eliminates the complexity of implementing this protocol. This removes the need to write hundreds of lines of a difficult cryptography implementation. You can now use intuitive and straightforward authentication with Amazon Cognito user pools by using a few short method calls.

Authenticating with Secure Remote Password protocol (SRP)

Instead of implementing the cryptographic methods yourself, you only need to create the following objects:

  • AmazonCognitoIdentityProviderClient
  • CognitoUserPool
  • CognitoUser
  • InitiateSrpAuthRequest

Initiating the SRP protocol is then as simple as a single call to StartWithSrpAuthAsync.

The InitiateSrpAuthRequest object requires only the password for the user. The authentication returns an AuthFlowResponse object. The AuthenticationResult property of the AuthFlowResponse object contains the user’s session tokens if authentication succeeded.

For example, this is how you can authenticate to an Amazon Cognito user pool “poolID” as user “username” with password “userPassword”:

using Amazon.Runtime;
using Amazon.CognitoIdentityProvider;
using Amazon.Extensions.CognitoAuthentication;
using System.Threading.Tasks;

public async Task AuthenticateWithSrpAsync()
{
    // Low-level service client; the region is resolved from the environment or configuration.
    AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient(FallbackRegionFactory.GetRegionEndpoint());

    // The user pool and the user that will sign in to it.
    CognitoUserPool userPool = new CognitoUserPool("poolID", "clientID", provider);
    CognitoUser user = new CognitoUser("username", "clientID", userPool, provider);

    string password = "userPassword";

    // Runs the SRP exchange; context.AuthenticationResult holds the session tokens on success.
    AuthFlowResponse context = await user.StartWithSrpAuthAsync(new InitiateSrpAuthRequest
    {
        Password = password
    }).ConfigureAwait(false);
}

If more challenge responses are required, the AuthenticationResult property is null and the ChallengeName property describes the next challenge, such as multi-factor authentication. You would then call the appropriate method to continue the authentication flow.
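One way to continue the flow when a challenge comes back, shown as an added example that is not code from the original post. The CognitoSignIn class, SignInAsync, the promptAsync callback and the three-round cap are assumptions made for illustration; RespondToSmsMfaAuthAsync and RespondToNewPasswordRequiredAsync are the library's methods for the SMS_MFA and NEW_PASSWORD_REQUIRED challenges.

```csharp
using System;
using System.Threading.Tasks;
using Amazon.CognitoIdentityProvider;
using Amazon.CognitoIdentityProvider.Model;
using Amazon.Extensions.CognitoAuthentication;

public static class CognitoSignIn
{
    // Hypothetical helper: completes sign-in for a CognitoUser built as in the sample above.
    // promptAsync is an assumed callback that asks the user for a value (MFA code, new password).
    public static async Task<AuthenticationResultType> SignInAsync(
        CognitoUser user, string password, Func<string, Task<string>> promptAsync)
    {
        AuthFlowResponse response = await user.StartWithSrpAuthAsync(
            new InitiateSrpAuthRequest { Password = password }).ConfigureAwait(false);

        // Cap the number of challenge rounds (assumed limit) so the flow cannot loop forever.
        for (int round = 0; response.AuthenticationResult == null && round < 3; round++)
        {
            if (response.ChallengeName == ChallengeNameType.SMS_MFA)
            {
                response = await user.RespondToSmsMfaAuthAsync(new RespondToSmsMfaRequest
                {
                    SessionID = response.SessionID,
                    MfaCode = await promptAsync("MFA code").ConfigureAwait(false)
                }).ConfigureAwait(false);
            }
            else if (response.ChallengeName == ChallengeNameType.NEW_PASSWORD_REQUIRED)
            {
                response = await user.RespondToNewPasswordRequiredAsync(
                    new RespondToNewPasswordRequiredRequest
                    {
                        SessionID = response.SessionID,
                        NewPassword = await promptAsync("New password").ConfigureAwait(false)
                    }).ConfigureAwait(false);
            }
            else
            {
                // Fail closed on any challenge this client does not implement.
                throw new NotSupportedException("Unsupported challenge: " + response.ChallengeName);
            }
        }
        if (response.AuthenticationResult == null)
            throw new InvalidOperationException("Authentication did not complete.");

        // Holds the ID, access and refresh tokens; keep them out of logs and error messages.
        return response.AuthenticationResult;
    }
}
```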

You can find additional code samples on how to integrate with the library in the AWS SDK for .NET Developer Guide.

Important: Although previously called AWSSDK.Extensions.CognitoAuthentication, the library is now available in the NuGet gallery as Amazon.Extensions.CognitoAuthentication to better align the name with other extensions we’re supporting and to distinguish the package from the AWS SDK for .NET.

Contact us

Let us know your feedback and check out the source on GitHub!
Come join the AWS SDK for .NET community chat on Gitter.
Submit a feature request or up-vote existing ones on the GitHub Issues page.