I’m trying to start a new simple project with Spring Boot, using AWS Cognito for authentication/authorization.
Following some guides on the web, I found different configurations, for example:
- https://www.baeldung.com/spring-security-oauth-cognito
- https://wilkom2009.hashnode.dev/how-to-secure-spring-boot-rest-api-endpoints-with-amazon-cognito
The Baeldung guide uses only the Spring module spring-security-oauth2-jose, while the second guide uses only spring-boot-starter-oauth2-resource-server and configures the resource server. Both configurations allow the user to log in and access the application.
I can’t figure out the difference between these two configurations and when I should use one instead of the other.
In other guides I saw both used together.
Thanks to all
I’m trying to create a simple Angular single-page application.
2 Answers
The Baeldung article looks like it is just using Spring and not Spring Boot. So they wouldn’t use spring-boot-starter modules.
If you are using Spring Boot, you should be able to use spring-boot-starter-oauth2-resource-server and follow the second guide.
spring-security-oauth2-jose is actually a dependency of spring-boot-starter-oauth2-resource-server and is used by it under the hood.
Related post about spring-boot-starter vs spring modules:
What is the difference between spring-boot-starter-oauth2-client, spring-cloud-starter-oauth2 and spring-security-oauth2
Just for fun, a 3rd solution: the 2nd of my tutorials has a profile for Cognito (see the properties file). It is shorter / simpler than what you referenced and enables Role Based Access Control (using Cognito roles, not just the default scope claim).
Also, be sure to use a certified OpenID lib on client side. My favorite for Angular is angular-auth-oidc-client.
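
An added example (not from either answer or from the tutorial mentioned above), assuming Spring Boot 3 with spring-boot-starter-oauth2-resource-server on the classpath: a resource-server configuration that validates Cognito-issued JWTs through the issuer URI and maps the `cognito:groups` claim to roles instead of relying on the default scope claim. The class name, the `/admin/**` path and the `ADMIN` group are hypothetical, and the issuer URI uses placeholders.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;

// Assumed entry in application.properties (placeholders, not real values):
// spring.security.oauth2.resourceserver.jwt.issuer-uri=https://cognito-idp.<region>.amazonaws.com/<user-pool-id>
// Spring Boot uses it to discover the JWKS endpoint and to validate signature, issuer and expiry.
@Configuration
public class CognitoResourceServerConfig {

    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("ADMIN") // hypothetical path and group
                .anyRequest().authenticated())
            // Bearer-token API for the SPA: no server-side session
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.jwtAuthenticationConverter(cognitoGroupsConverter())));
        return http.build();
    }

    // Turns each entry of the "cognito:groups" claim into a ROLE_<group> authority.
    private JwtAuthenticationConverter cognitoGroupsConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Collection<GrantedAuthority> authorities = new ArrayList<>();
            List<String> groups = jwt.getClaimAsStringList("cognito:groups");
            if (groups != null) { // users in no group carry no such claim
                for (String group : groups) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + group));
                }
            }
            return authorities;
        });
        return converter;
    }
}
```

A token from a user who is in no Cognito group still authenticates but receives no role, so `/admin/**` returns 403 for that user.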