AWS Developer Tools Blog

Now generally available: Amazon CognitoAuthentication Extension Library

We’re excited to announce the general availability of the Amazon CognitoAuthentication Extension Library! The general availability release adds security, improves performance, and fixes bugs to the previously available developer preview. This library simplifies the authentication process of Amazon Cognito user pools for .NET Core and Xamarin applications, and targets .NET Standard 2.0.

Amazon Cognito user pools make it easy for developers to add registration and login functionality to web and mobile applications. Once a user is signed in, Amazon Cognito provisions identity tokens for signed-in user. In addition to passwords, Amazon Cognito user pool authentication flows are extensible to enable the incorporation of new challenge types to verify user identity.

Amazon Cognito user pools offer built-in support for the Secure Remote Password (SRP) protocol on the server side, but client applications must provide their own implementation. The Amazon CognitoAuthentication Extension Library eliminates the complexity of implementing this protocol. This removes the need to write hundreds of lines of a difficult cryptography implementation. You can now use intuitive and straightforward authentication with Amazon Cognito user pools by using a few short method calls.

Authenticating with Secure Remote Password protocol (SRP)

Instead of implementing the cryptographic methods yourself, you only need to create the following objects:

  • AmazonCognitoIdentityProviderClient
  • CognitoUserPool
  • CognitoUser
  • InitiateSrpAuthRequest

Initiating the SRP protocol is then as simple as a single call to StartWithSrpAuthAsync.

The InitiateSrpAuthRequest object requires only the password for the user. The authentication returns an AuthFlowResponse object. The AuthenticationResult property of the AuthFlowResponse object contains the user’s session tokens if authentication succeeded.

For example, this is how you can authenticate to an Amazon Cognito user pool “poolId” as user “username” with password “userPassword”:

using Amazon.Runtime;
using Amazon.CognitoIdentityProvider;
using Amazon.Extensions.CognitoAuthentication;
using System.Threading.Tasks;

public async Task AuthenticateWithSrpAsync()
    AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient(FallbackRegionFactory.GetRegionEndpoint());

    CognitoUserPool userPool = new CognitoUserPool("poolID", "clientID", provider);
    CognitoUser user = new CognitoUser("username", "clientID", userPool, provider);

    string password = "userPassword";

    AuthFlowResponse context = await user.StartWithSrpAuthAsync(new InitiateSrpAuthRequest
        Password = password

If more challenge responses are required, the AuthenticationResult property is null and the ChallengeName property describes the next challenge, such as multi-factor authentication. You would then call the appropriate method to continue the authentication flow.

You can find additional code samples on how to integrate with the library in the AWS SDK for .NET Developer Guide.

Important: Although previously called AWSSDK.Extensions.CognitoAuthentication, the library is now available in the NuGet gallery as Amazon.Extensions.CognitoAuthentication to better align the name with other extensions we’re supporting and to distinguish the package from the AWS SDK for .NET.

Contact us

Let us know your feedback and check out the source on GitHub!
Come join the AWS SDK for .NET community chat on Gitter.
Submit a feature request or up-vote existing ones on the GitHub Issues page.