Android AWS - Which Cognito SDK?

We are implementing user pools and identities with AWS Cognito. I am very inexperienced with AWS and have quite a bit of confusion.

Ideally, the administrator registration flow is as follows:

  • An unregistered user creates a new group, designates email and password, and becomes the first administrator of that group

  • To invite more administrators, the group creator (or any admin) may designate an email of the new admin

  • The newly invited admin receives a code/temporary password

  • Newly invited admin signs in with email and temporary password and are prompted to update details

For normal users:

  • Unregistered users will input a code unique to the group they want to join

  • A new user is created under the delegation of respective group administrators

All the Cognito examples specifically for Android use pool.signUpInBackground(). The problem here is that all user attributes must be defined before signing up.

There is an adminCreateUser function in the Java SDK (not the Android SDK) that seems to support what I'm trying to do, but

a) I am extremely confused about which libraries/dependencies to include. After adding the Java API into Gradle, I am seeing imports from many different packages that seem to share functionality.

i.e., what is the difference between



b) How do I securely implement adminAddUser into my code and ensure there is no way to abuse the call to register a user into another group?

The overlap between all these APIs is very confusing to me. Thank you for anyone able to clear this up.