AWS Cognito Accepting Any Password

I am implementing AWS with an Android application for the first time.

We would like to use Cognito to authenticate our users, and selectively provide data from DynamoDB.

I have successfully set up my user pool and can see new registrations appear in the user list. Trying to login with an email that does not exist fails.

However, Cognito always logs in with a valid email address, regardless of password input.

What is wrong with my process?

public class CognitoController extends Application {
    static CognitoUserPool pool;
    static String userEmail;
    public void onCreate(){
        super.onCreate();
        pool = new CognitoUserPool(this,
                "us-east-xxxx",
                "xxxx",
                "xxxx",
                new ClientConfiguration(),
                Regions.US_EAST_1);
    }
}

-

private void actionAdminLogin(){
        UtilityInterfaceTools.hideSoftKeyboard(AdminLoginActivity.this);
        String inputEmail = ((EditText) findViewById(R.id.input_admin_email)).getText().toString();
        String inputPassword = ((EditText) findViewById(R.id.input_admin_password)).getText().toString();
        CognitoController.userEmail = inputEmail;
        details = new AuthenticationDetails(inputEmail, inputPassword, null);

        AuthenticationHandler auther = new AuthenticationHandler() {
            @Override
            public void onSuccess(CognitoUserSession userSession, CognitoDevice newDevice) {
                Toast.makeText(AdminLoginActivity.this, "Congratulations It Works...", Toast.LENGTH_LONG).show();
                startActivity(new Intent(AdminLoginActivity.this, AdminPortalActivity.class));
                finish();
            }

            @Override
            public void getAuthenticationDetails(AuthenticationContinuation continuation, String email) {
                continuation.setAuthenticationDetails(details);
                continuation.continueTask();
            }

            @Override
            public void getMFACode(MultiFactorAuthenticationContinuation continuation) {
                continuation.continueTask();
            }

            @Override
            public void authenticationChallenge(ChallengeContinuation continuation) {
                continuation.continueTask();
            }

            @Override
            public void onFailure(Exception exception) {
                TextView errorMessage = findViewById(R.id.message_invalid_credentials);
                errorMessage.setText(exception.toString());
                errorMessage.setVisibility(View.VISIBLE);
            }
        };
        CognitoController.pool.getUser(inputEmail).getSessionInBackground(auther);
    }