Securing Micro Services in Quarkus with AWS Cognito


In a previous series that I wrote on building a micro service from the ground up with Quarkus and Kotlin, the service was secured using OpenID Connect. The premise was that the service would be behind an API gateway and would be invoked by another micro service using JWTs issued by an OIDC provider. For component tests we used Keycloak as the provider, which is also a good choice for hosting your own OIDC server. We also demonstrated how Okta could be used as an external OIDC provider for issuing JWTs. In this article we will explore using Amazon Cognito.

What is Amazon Cognito

Cognito is a cloud-based identity and access management solution. It supports OAuth2 and OpenID Connect. It can be a cost-effective way to manage a large user base for your platform. It consists of two main components:

User Pools

A user directory in Cognito that provides all the security services that you would expect for managing users such as sign up, sign in, MFA, social login, user management, etc. Cognito will normalise any tokens received via federated login and return Cognito User Pool (CUP) tokens. These are just standardised JWTs so you don’t have to worry about the original format of each type of token.
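
Because CUP tokens are plain JWTs, a service that consumes them checks a small set of claims once the signature has been verified against the user pool's JWKS. The Kotlin below is an added example, not code from the original article or from Quarkus; `claimErrors`, `TokenUse`, and the region, pool id and client id values are hypothetical, and signature verification is assumed to have happened already.

```kotlin
import java.time.Instant

// Hypothetical helper (not a Quarkus or AWS API): checks the claims of a Cognito
// User Pool token AFTER its signature has been verified against the pool's JWKS.
enum class TokenUse(val claim: String) { ID("id"), ACCESS("access") }

// Issuer URL format used by Cognito user pools.
fun cognitoIssuer(region: String, userPoolId: String) =
    "https://cognito-idp.$region.amazonaws.com/$userPoolId"

fun claimErrors(
    claims: Map<String, Any?>,
    issuer: String,
    appClientId: String,
    expected: TokenUse,
    now: Instant = Instant.now(),
): List<String> {
    val errors = mutableListOf<String>()
    if (claims["iss"] != issuer) errors += "iss is not this user pool"
    if (claims["token_use"] != expected.claim) errors += "token_use is not '${expected.claim}'"
    // ID tokens carry the app client id in `aud`; access tokens carry it in `client_id`.
    val clientClaim = if (expected == TokenUse.ID) "aud" else "client_id"
    if (claims[clientClaim] != appClientId) errors += "$clientClaim is not the expected app client"
    val exp = (claims["exp"] as? Number)?.toLong()
    if (exp == null || !now.isBefore(Instant.ofEpochSecond(exp))) errors += "token is expired or has no exp"
    return errors
}

fun main() {
    // Constructed sample values; region, pool id and client id are placeholders.
    val issuer = cognitoIssuer("eu-west-1", "eu-west-1_EXAMPLE")
    val now = Instant.ofEpochSecond(1_700_000_000)
    val accessToken = mapOf(
        "iss" to issuer, "token_use" to "access",
        "client_id" to "example-client-id", "exp" to 1_700_003_600L,
    )
    val idToken = mapOf(
        "iss" to issuer, "token_use" to "id",
        "aud" to "example-client-id", "exp" to 1_700_003_600L,
    )
    // An access token is accepted when an access token is expected.
    println(claimErrors(accessToken, issuer, "example-client-id", TokenUse.ACCESS, now))
    // An ID token presented where an access token is expected is rejected.
    println(claimErrors(idToken, issuer, "example-client-id", TokenUse.ACCESS, now))
    // The same access token is rejected once its exp has passed.
    println(claimErrors(accessToken, issuer, "example-client-id", TokenUse.ACCESS, now.plusSeconds(7200)))
}
```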

Identity Pools

Identity pools allow access to AWS services via federated identities. Using identity pools, you can obtain temporary access tokens to interact with AWS services. This is illustrated in Step 2 and Step 3 in the diagram below.
