Last updated: Sep 17, 2023
AWS Cognito - Sign-in User Programmatically using Java

To programmatically sign in a user in Amazon Cognito using Java, you typically use the AWS SDK for Java. Here are the steps:
First, add AWS Java SDK For Amazon Cognito Identity Provider Service dependency to your project.
Sample Java code:
import java.util.HashMap;
import java.util.Map;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;
import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthRequest;
import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthResult;
import com.amazonaws.services.cognitoidp.model.AdminRespondToAuthChallengeRequest;
import com.amazonaws.services.cognitoidp.model.AdminRespondToAuthChallengeResult;
import com.amazonaws.services.cognitoidp.model.AuthFlowType;
import com.amazonaws.services.cognitoidp.model.AuthenticationResultType;
import com.amazonaws.services.cognitoidp.model.ChallengeNameType;

public class CognitoExample {

  public static void main(String args) {
    // AWS credentials
    String ACCESS_KEY = "AKIASI5XVTY2KVH46OND";
    String SECRET_KEY = "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";

    // Cognito credentials
    String clientId = "3uiat1ngjtgfu6v3sv0ha6786";
    String userPoolId = "us-east-1_c174bztKi";

    // Test user data
    String email = "testbuddy@example.com";
    String password = "Test123$";
    // New password is only required if the user status is FORCED_CHANGE_PASSWORD
    String newPassword = "";

    BasicAWSCredentials awsCreds = new BasicAWSCredentials(ACCESS_KEY, SECRET_KEY);

    AWSCognitoIdentityProvider cognitoClient = AWSCognitoIdentityProviderClientBuilder.standard()
        .withCredentials(new AWSStaticCredentialsProvider(awsCreds)).withRegion("us-east-1")
        .build();



    final Map<String, String> authParams = new HashMap<>();
    authParams.put("USERNAME", email);
    authParams.put("PASSWORD", password);

    final AdminInitiateAuthRequest authRequest = new AdminInitiateAuthRequest();
    authRequest.withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH).withClientId(clientId)
        .withUserPoolId(userPoolId).withAuthParameters(authParams);

    try {
      AdminInitiateAuthResult result = cognitoClient.adminInitiateAuth(authRequest);

      AuthenticationResultType authenticationResult = null;

      if (result.getChallengeName() != null && !result.getChallengeName().isEmpty()) {

        System.out.println("Challenge Name is " + result.getChallengeName());

        if (result.getChallengeName().contentEquals("NEW_PASSWORD_REQUIRED")) {
          if (password == null) {
            System.out.println("User must change password " + result.getChallengeName());

          } else {

            final Map<String, String> challengeResponses = new HashMap<>();
            challengeResponses.put("USERNAME", email);
            challengeResponses.put("PASSWORD", password);
            // add new password
            challengeResponses.put("NEW_PASSWORD", newPassword);

            final AdminRespondToAuthChallengeRequest request =
                new AdminRespondToAuthChallengeRequest()
                    .withChallengeName(ChallengeNameType.NEW_PASSWORD_REQUIRED)
                    .withClientId(clientId).withUserPoolId(userPoolId)
                    .withChallengeResponses(challengeResponses).withSession(result.getSession());

            AdminRespondToAuthChallengeResult resultChallenge =
                cognitoClient.adminRespondToAuthChallenge(request);
            authenticationResult = resultChallenge.getAuthenticationResult();

            System.out.println(authenticationResult.getAccessToken());
            System.out.println(authenticationResult.getIdToken());
            System.out.println(authenticationResult.getRefreshToken());
            System.out.println(authenticationResult.getExpiresIn());
            System.out.println(authenticationResult.getTokenType());
          }

        } else {
          System.out.println("User has other challenge " + result.getChallengeName());
        }
      } else {

        System.out.println("User has no challenge");
        authenticationResult = result.getAuthenticationResult();
   
        System.out.println(authenticationResult.getAccessToken());
        System.out.println(authenticationResult.getIdToken());
        System.out.println(authenticationResult.getRefreshToken());
        System.out.println(authenticationResult.getExpiresIn());
        System.out.println(authenticationResult.getTokenType());
      }

    } catch (Exception e) {
      System.out.println(e.getMessage());
    }
    cognitoClient.shutdown();
  }

}