Spring Boot Application API (Resource Server) + AWS Cognito

Archie Sheran
Jul 11, 2020

I tried following this tutorial but the classes were deprecated:

so I figured out how to do it on my own and wanted to share it with anyone who is interested because I spent quite some time figuring it out.

The dependencies you will need:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

application.properties configuration, replace <aws-region> and <pool-id> with your values:

# cognito
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://cognito-idp.<aws-region>.amazonaws.com/<pool-id>/.well-known/jwks.json
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://cognito-idp.<aws-region>.amazonaws.com/<pool-id>

Lastly, the Spring Security configuration:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Every endpoint requires an authenticated caller.
            .authorizeRequests()
                .anyRequest().authenticated().and()
            // Authenticate callers by the JWT sent as a Bearer token.
            .oauth2ResourceServer().jwt();
    }
}
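Signature and issuer checks alone accept any token the user pool issues, including ID tokens and tokens minted for other app clients in the same pool. The following is an added example, not code from the original post: a `JwtDecoder` bean that also requires Cognito's `token_use` and `client_id` claims to match. The class name and the `app.cognito.client-id` property are hypothetical names chosen for this example.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

// Added example, not from the original post.
@Configuration
public class CognitoJwtDecoderConfiguration {

    // The same two properties the post sets in application.properties.
    @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
    private String jwkSetUri;
    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
    private String issuerUri;

    // Hypothetical property: the Cognito app client ID this API accepts.
    @Value("${app.cognito.client-id}")
    private String expectedClientId;

    @Bean
    public JwtDecoder jwtDecoder() {
        // Signature keys are fetched from the user pool's JWKS endpoint.
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();

        // Default checks: exp/nbf timestamps plus an exact match on iss.
        OAuth2TokenValidator<Jwt> defaults = JwtValidators.createDefaultWithIssuer(issuerUri);

        // Cognito access tokens carry token_use=access; ID tokens carry token_use=id.
        OAuth2TokenValidator<Jwt> accessTokenOnly =
                new JwtClaimValidator<String>("token_use", "access"::equals);

        // Cognito access tokens have no aud claim; the app client is in client_id.
        OAuth2TokenValidator<Jwt> expectedClient =
                new JwtClaimValidator<String>("client_id", expectedClientId::equals);

        decoder.setJwtValidator(
                new DelegatingOAuth2TokenValidator<>(defaults, accessTokenOnly, expectedClient));
        return decoder;
    }
}
```

A token missing either claim fails validation, because the predicate receives `null` and returns false.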

To test your endpoint using an IntelliJ .http file, replace your-token-here with your token:

POST http://localhost:8080/
Content-Type: application/json
Authorization: Bearer your-token-here

{
  "sample": "json"
}

Cheers
